How to fix: Subdomains don’t support HSTS

Updated on December 2nd, 2024 at 05:27 pm

Issue: A subdomain that does not send an HTTP Strict Transport Security (HSTS) header can still be reached over plain HTTP. A user who types the host name, follows an http:// link, or is redirected by an attacker on the same network makes an unencrypted first request that can be read or downgraded (SSL stripping). Because browsers store HSTS per host, a policy sent by example.com does not cover app.example.com unless it carries the includeSubDomains directive, and cookies set for the parent domain without the Secure flag can then be sent in the clear to the unprotected subdomain.

Fix: Send the HSTS header with the includeSubDomains directive from the parent domain's HTTPS responses, after making sure every subdomain already serves valid HTTPS. Once the policy is cached, browsers refuse plain-HTTP access to every subdomain for the duration of max-age, so a subdomain that only works over HTTP becomes unreachable.

How to Fix for Beginners

  1. Check Server Support: Confirm that your hosting provider or server lets you set custom response headers, and that every subdomain, including rarely used ones such as mail, dev or staging hosts, has a valid TLS certificate and answers over HTTPS. Any subdomain that only works over HTTP will be blocked by browsers once the policy below is cached.
  2. Enable HSTS for Subdomains: Add the Strict-Transport-Security header to the HTTPS responses of the parent domain itself (example.com, not only www.example.com) and include the includeSubDomains directive. Browsers ignore the header when it arrives over plain HTTP, and they apply includeSubDomains only to hosts below the one that sent it.
    • Example: Strict-Transport-Security: max-age=31536000; includeSubDomains
    • max-age is in seconds (31536000 is one year). Start with a short value such as 300 while testing and raise it once every subdomain works, because a long max-age cannot be withdrawn from browsers that have already cached it; you can only wait for it to expire.
  3. Test Implementation: Use a scanner such as SSL Labs, or run curl -sI https://example.com and look for a Strict-Transport-Security line in the output, then confirm that the parent domain returns the directive and that each subdomain loads over HTTPS without certificate warnings.
  4. Submit to the Preload List (Optional): Preloading is not a DNS change; it adds your domain to the HSTS preload list shipped inside browsers, so even the very first visit is forced to HTTPS. To qualify at hstspreload.org the parent domain must serve a valid certificate, redirect HTTP to HTTPS on the same host, and send a header with a max-age of at least 31536000, includeSubDomains and the preload directive, for example Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. Only submit once you are sure every current and future subdomain will serve HTTPS, since removal from the list takes months to reach users.
  5. Monitor for Issues: Re-check after certificate renewals and whenever a new subdomain is created, because a new host that is only reachable over HTTP, or one whose certificate has expired, will be refused outright by browsers that hold the policy rather than shown a warning they can click through.
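
The steps above produce a header that the browser caches and then applies by host name, and the most common mistake (the header sent only from www, or without includeSubDomains) is invisible unless you reason about that cache. The following example was written for this page and is not code from the original article or from any vendor: it parses Strict-Transport-Security values the way RFC 6797 describes, decides whether a browser holding those policies would force HTTPS for a given host, and lists why a header would fail the preload requirements. The host names and header values in SAMPLE_HEADERS are constructed for illustration and are not real sites.

```python
"""Parse HSTS headers and evaluate them the way a browser's HSTS cache does.

Added example, not from the original page. Host names and header values
below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ONE_YEAR = 31536000  # seconds; the smallest max-age hstspreload.org accepts


@dataclass
class HstsPolicy:
    max_age: int             # seconds the browser keeps the policy; 0 deletes it
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value (RFC 6797 section 6.1).

    Returns None when a browser would ignore the header: max-age missing or
    not an integer, or any directive repeated. Unknown directives are skipped.
    """
    max_age: Optional[int] = None
    include_subdomains = False
    preload = False
    seen = set()
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # max-age="600" is a valid quoted form
        if name in seen:
            return None
        seen.add(name)
        if name == "max-age":
            if not re.fullmatch(r"\d+", value):
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def hsts_applies(cache: Dict[str, HstsPolicy], host: str) -> bool:
    """Would a browser with this HSTS cache force HTTPS for `host`?

    `cache` maps each host that sent a valid header over HTTPS to its policy.
    A policy covers its own host exactly, and hosts below it only when
    includeSubDomains was set (superdomain matching, RFC 6797 sections 8.2/8.3).
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        policy = cache.get(candidate)
        if policy is None or policy.max_age == 0:
            continue  # no entry, or an entry that max-age=0 has cleared
        if i == 0 or policy.include_subdomains:
            return True
    return False


def preload_problems(policy: HstsPolicy) -> List[str]:
    """Reasons hstspreload.org would reject this header; empty list means eligible."""
    problems = []
    if policy.max_age < ONE_YEAR:
        problems.append(f"max-age is {policy.max_age}, preload requires at least {ONE_YEAR}")
    if not policy.include_subdomains:
        problems.append("includeSubDomains directive missing")
    if not policy.preload:
        problems.append("preload directive missing")
    return problems


# Constructed sample: the header each host returned over HTTPS during a check.
SAMPLE_HEADERS = {
    "example.com": "max-age=31536000; includeSubDomains; preload",  # apex, correct
    "www.example.net": "max-age=31536000; includeSubDomains",       # sent from www only
    "example.org": "max-age=300",                                   # no includeSubDomains
}


def build_cache(headers: Dict[str, str]) -> Dict[str, HstsPolicy]:
    """Turn observed headers into the cache a browser would end up holding."""
    cache = {}
    for host, value in headers.items():
        policy = parse_hsts(value)
        if policy is not None:
            cache[host] = policy
    return cache


if __name__ == "__main__":
    cache = build_cache(SAMPLE_HEADERS)
    for host in ["api.example.com", "api.example.net", "mail.example.org"]:
        print(f"{host}: {'forced to HTTPS' if hsts_applies(cache, host) else 'NOT protected'}")
    for host, value in SAMPLE_HEADERS.items():
        print(f"{host}: preload problems -> {preload_problems(parse_hsts(value))}")
```

Running it shows the two failure modes the steps warn about: api.example.net is not protected because the header was sent from www.example.net rather than the apex, and mail.example.org is not protected because example.org omitted includeSubDomains. To check a live site, feed the value from curl -sI into parse_hsts in place of the constructed sample.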

Tip: HSTS does not encrypt anything by itself. It tells browsers to rewrite http:// to https:// for the host before any request is sent, and to refuse connections with certificate errors instead of offering a click-through warning, which closes the downgrade window that an HTTP-to-HTTPS redirect alone leaves open.
