Web Central supports the addition of HSTS headers.
Considerations
- Once HSTS is on, it cannot be easily turned off. This is due to the max-age directive of HSTS: browsers that have already received the header keep enforcing it, so turning it off will not have any effect until the maximum age is reached.
- It is generally recommended that the maximum age be 1 year or more.
- Once a machine visits a domain with HSTS headers present, that machine will only be able to access that domain's site over HTTPS.
- If the SSL certificate on your site expires, the site will be inaccessible until a new certificate is installed. There is no way to bypass the certificate warnings when HSTS is on.
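The max-age and certificate-expiry considerations above can be checked together before requesting HSTS. The following Python sketch is an added example, not Web Central code; the function names, header value and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

ONE_YEAR = 365 * 24 * 3600  # 31536000 seconds, the minimum the article recommends

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797 rules)."""
    policy = {"max_age": None, "include_subdomains": False}
    seen = set()
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not name:
            continue
        if name in seen:                     # a directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')     # value may be a quoted string
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        # unrecognised directives are ignored, as browsers do
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy

def hsts_readiness(header_value, last_visit, cert_not_after):
    """Relate the HSTS window of one visitor to the certificate's expiry."""
    policy = parse_hsts(header_value)
    enforced_until = last_visit + timedelta(seconds=policy["max_age"])
    return {
        "enforced_until": enforced_until,
        "meets_one_year": policy["max_age"] >= ONE_YEAR,
        # True: the certificate must be renewed before it expires, because
        # this visitor cannot click through a certificate warning.
        "cert_expires_inside_window": cert_not_after < enforced_until,
    }

if __name__ == "__main__":
    # Constructed sample values, not taken from a real site.
    visit = datetime(2024, 1, 1, tzinfo=timezone.utc)
    cert_end = datetime(2024, 3, 31, tzinfo=timezone.utc)
    report = hsts_readiness("max-age=31536000; includeSubDomains", visit, cert_end)
    for key, val in report.items():
        print(f"{key}: {val}")
```

With a one-year max-age, almost any certificate expires inside the enforcement window, so renewal needs to be scheduled before HSTS is switched on.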
If you are ready to have HSTS enabled, please submit a support ticket. Acknowledge in the ticket that you understand the risks outlined in this article.
Note: HSTS can only be enabled for sites on Platinum Security.
In-Article Glossary
- HSTS: HTTP Strict Transport Security
- HTTPS: Hypertext Transfer Protocol Secure
- SSL: Secure Sockets Layer