
‎09-30-2020 10:36 PM
Recent security concerns have brought the lack of HSTS on Lansweeper to light. Is there any way the next patch can resolve this?

‎10-02-2020 01:23 AM
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.com/article/20-how-do-i-add-http-strict-transport-security-hsts-to-my-website

‎10-02-2020 03:28 PM
Caleb wrote:
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.com/article/20-how-do-i-add-http-strict-transport-security-hsts-to-my-website
How does this apply to the default IIS Express, which does not have the standard IIS manager?

‎10-02-2020 05:35 PM
Grey wrote:
Caleb wrote:
If you are hosting Lansweeper using IIS, you can add an HTTP Response Header. https://support.nartac.com/article/20-how-do-i-add-http-strict-transport-security-hsts-to-my-website
How does this apply to the default IIS Express, which does not have the standard IIS manager?
Per Microsoft's documentation, something like this should work.
<site name="Lansweeper" id="1" serverAutoStart="true">
    <application path="/" applicationPool="Clr4IntegratedAppPool">
        <virtualDirectory path="/" physicalPath="C:\Program Files (x86)\Lansweeper\website" />
    </application>
    <bindings>
        <binding protocol="https" bindingInformation="*:443:" />
    </bindings>
    <hsts enabled="true" max-age="31536000" includeSubDomains="true"/>
</site>
https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/site/hsts#configuration-sample
I haven't tested, so proceed with caution by making backups and testing in dev first, etc.
Microsoft recommends that you set the max age to a shorter value during testing. https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=visual-studio#http-strict-transport-security-protocol-hsts
Hope this helps.
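
Added example, not part of the original thread and not Lansweeper or Microsoft code: a Python check that parses a <site> element like the one posted above and reports whether its HSTS settings would be effective. The function name audit_site_hsts and the one-year target are assumptions, and the sample XML is constructed from the reply.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <site> element from the reply above, as it would
# sit under <sites> in applicationHost.config.
SAMPLE_SITE = r'''
<site name="Lansweeper" id="1" serverAutoStart="true">
  <application path="/" applicationPool="Clr4IntegratedAppPool">
    <virtualDirectory path="/" physicalPath="C:\Program Files (x86)\Lansweeper\website" />
  </application>
  <bindings>
    <binding protocol="https" bindingInformation="*:443:" />
  </bindings>
  <hsts enabled="true" max-age="31536000" includeSubDomains="true"/>
</site>
'''

def audit_site_hsts(site_xml, min_max_age=31536000):
    """Return (findings, header); header is the RFC 6797 value the settings map to, or None."""
    site = ET.fromstring(site_xml)
    findings = []
    protocols = {b.get("protocol", "").lower() for b in site.iter("binding")}
    if "https" not in protocols:
        findings.append("no https binding: browsers ignore HSTS received over plain HTTP")
    hsts = site.find("hsts")
    if hsts is None or hsts.get("enabled", "false").lower() != "true":
        findings.append("hsts element missing or not enabled")
        return findings, None
    try:
        max_age = int(hsts.get("max-age", "0"))
    except ValueError:
        findings.append("max-age is not an integer")
        return findings, None
    if max_age == 0:
        findings.append("max-age=0 tells browsers to forget the HSTS policy")
    elif max_age < min_max_age:
        findings.append(f"max-age {max_age}s is below the {min_max_age}s target (fine while testing)")
    header = f"max-age={max_age}"
    if hsts.get("includeSubDomains", "false").lower() == "true":
        header += "; includeSubDomains"
    return findings, header

if __name__ == "__main__":
    findings, header = audit_site_hsts(SAMPLE_SITE)
    print("Strict-Transport-Security:", header)
    for f in findings:
        print("finding:", f)
```

To audit a real configuration, pass the text of the relevant <site> element from a backup copy of applicationHost.config instead of SAMPLE_SITE.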
