The HTTP Strict Transport Security protocol ensures that the Controller and its subdomains use only HTTPS connections. It enhances the overall security for Splunk AppDynamics components.

By default, the HSTS is disabled in Splunk AppDynamics On-Premises. Configure the required account as follows:

  1. Log in to Administration Console as the root user.
  2. Select Account Settings.
  3. In Accounts & Licenses, select the Account Name for which you want to enable HSTS and click Edit.
  4. In Account Properties, add the following properties:
    • strictTransportSecurity: Set it to true. This property enables the HSTS protocol.
    • max-age: Specify the duration in seconds. The browser allows only the HTTPS connection for the specified duration.

    • includeSubDomains: Set it to true. This property includes all the sub domains in the Controller.

  5. Click Save.