Is there a way to configure the web engine in IPMonitor to enable the Strict-Transport-Security (HSTS) response header?
I found a solution to this problem, that I'll share here in case anyone else runs into it. The answer is to use a reverse proxy that can inject the Strict-Transport-Security response header sent back to the client. In my case, I used IIS along with the Application Routing Requests (ARR) and URL Rewrite modules. My reverse proxy listens on a unique port (e.g., 8443) for a connection to my ipMonitor server which is listening on port 443 (or any other port). I'm using IIS v10.x, along with the latest ARR and URL Rewrite modules available from Microsoft. You can use Gemini, Chat GPT, or MS Copilot to get a breakdown of the steps needed to fully implement this method. I used Gemini, which came up with a detailed plan that I was able to successfully execute. Good luck.
