You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HSTS allow to notify any browser, using a cached HTTP response header, that the domain must only be accessed via HTTPS.
This allows subsequent requests on the same domain to exclusively use the HTTPS protocol, avoiding numerous 301 redirects.
However, the first call requires an HTTP response (potentially not safe) with an STS (Strict-Transport-Security) header. In addition to enabling HSTS,
it is possible to register in a static list updated on all recent browsers (https://hstspreload.org) to fix this issue
and force browsers to contact the whole domain with HTTPS.
Note that it is quick to register domains on htstpreload.org and affects the whole domain (including subdomains).
Ensure that none of your subdomains would be negatively affected by HTTPS usage before making this registration,
which can be relatively slow to cancel.