Sep 5, 2022
Using the HTTP Strict Transport Security (HSTS) response header
To enable the HTTP Strict Transport Security (HSTS) response header, open the settings.yml file located in the Arc installation directory and add the following parameter:
usehsts: true
Then restart Arc.
NOTE:
- Enabling this setting tells the Arc client that Arc should only be accessed using HTTPS, instead of HTTP.
- Arc will set the max-age to 2 years and include subdomains.
- After changing the setting to true, restarting Arc, and establishing an initial connection, the setting takes effect and the header will be present on subsequent calls.
- To remove the HSTS header, one would need to set this setting to false AND remove the domain from the HSTS cache in the browser.
More information about all settings can be found in the settings.sample.yml file available inside the Arc installation directory.
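
One way to verify the result after restarting Arc, as an added example that is not part of the original article or Arc's own code. The function names, the sample response headers, and the exact header value (max-age=63072000; includeSubDomains, where 63072000 is 2 years in seconds) are assumptions constructed for illustration.

```python
# Directive syntax follows RFC 6797; the expected policy follows the notes above.
TWO_YEARS = 2 * 365 * 24 * 3600  # 63072000 seconds


def parse_hsts(value):
    """Parse a Strict-Transport-Security value; None if a browser would ignore it."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted by the grammar
        name, sep, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a repeated directive invalidates the whole header
        seen[name] = arg.strip().strip('"') if sep else None
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}


def check_arc_hsts(headers, scheme):
    """Return a list of problems for one response (headers as (name, value) pairs)."""
    if scheme != "https":
        return ["HSTS is ignored on plain HTTP responses; test over HTTPS"]
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["header missing: check that usehsts is true and Arc was restarted"]
    policy = parse_hsts(values[0])  # browsers process only the first such header
    if policy is None:
        return ["header present but malformed"]
    problems = []
    if policy["max_age"] < TWO_YEARS:
        problems.append("max-age %d is below 2 years" % policy["max_age"])
    if not policy["include_subdomains"]:
        problems.append("includeSubDomains missing")
    return problems


if __name__ == "__main__":
    # Constructed sample response headers, not captured from a real Arc server.
    sample = [("Content-Type", "text/html"),
              ("Strict-Transport-Security", "max-age=63072000; includeSubDomains")]
    print(check_arc_hsts(sample, "https") or "OK")
```

A max-age of 0 in a response tells the browser to drop its cached policy, so the check reports it as below the expected 2 years.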