1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HSTS when having 301 redirects

Discussion in 'Server Configuration and Hosting' started by markku, Feb 2, 2016.

Tags:
  1. markku

    markku Well-Known Member

    With the following 301 redirects:
    Should I put HSTS only in https://www.example.com block in nginx or in both https://example.com and https://www.example.com?

    Google writes:
    "If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (not the page it redirects to)."

    But I don't fully understand that. Does that mean that since https://example.com redirects to https://www.example.com, https://example.com should have HSTS?

    But why does it say "not the page it redirects to"?

    Confused! Thanks for any help.
     
  2. Nuno

    Nuno Active Member

    markku likes this.
  3. RoldanLT

    RoldanLT Well-Known Member

    Based on this statement:
    HSTS should be:
     
    Nuno likes this.

Share This Page