• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

HSTS when having 301 redirects

markku

Well-known member
#1
With the following 301 redirects:
Should I put HSTS only in https://www.example.com block in nginx or in both https://example.com and https://www.example.com?

Google writes:
"If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (not the page it redirects to)."

But I don't fully understand that. Does that mean that since https://example.com redirects to https://www.example.com, https://example.com should have HSTS?

But why does it say "not the page it redirects to"?

Confused! Thanks for any help.