HSTS Preload and Subdomains

added by DotNetKicks
4/10/2018 1:18:51 PM

1 Kicks, 199 Views

In order to be eligible for the HSTS Preload list, your site must usually serve a Strict-Transport-Security header with a includeSubdomains directive. Unfortunately, some sites do not follow the best practices recommended and instead just set a one-year preload header with includeSubdomains and then immediately request addition to the HSTS Preload list, meaning that any problems will likely...