- http://example.com -> https://www.example.com
- http://www.example.com -> https://www.example.com
- https://example.com -> https://www.example.com
"If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (not the page it redirects to)."
But I don't fully understand that. Does that mean that since https://example.com redirects to https://www.example.com, https://example.com should have HSTS?
But why does it say "not the page it redirects to"?
Confused! Thanks for any help.