How do I enable HSTS via host?
What is your domain?
3 Likes
Not possible for free subdomains
Take note it may cause website not to work if SSL is down on free hosting
@KangJL, you have to understand that the requirement to enable HSTS is an active and valid SSL certificate installed, which should be valid at all times starting from the age of adding that header (which is also possible for users that use free subdomains as adding headers can be done through a .htaccess file; plus those users also have a valid SSL certificate installed) and ending in the period specified in seconds by the max-age parameter. So having a free subdomain from us or a custom domain doesn’t impact the result in this case, though for the latter users it’s their responsibility to have the SSL certificate valid (and so active) at all times, as not having a valid SSL certificate with that header set or not disabled will cause the website to stop working.
@Iqpoppppp, please create a .htaccess file on your subdomain’s htdocs folder or, if it exists, edit it and add this content:
Header set Strict-Transport-Security "max-age=63072000"
This should be enough as our free subdomains only have HTTPS coverage on the apex domain and not on any other subdomain of your subdomain, especially since free hosting doesn’t support adding subdomains of subdomains, so you probably can’t add your subdomain to the HSTS preload list.
4 Likes
You are right
Keep mixing up with CloudFlares HSTS.
Well it may cause more pain if there is SSL outage
3 Likes
Well, technically there’s no such a thing called “Cloudflare HSTS”: Cloudflare also just implement the standard HSTS.
3 Likes
Mixed content will also affect HSTS
3 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.