Reputation: 14717
Why my site is considered "No HSTS header is present on the response"
I am supporting a website
and I have followed all the requirements set at
https://hstspreload.appspot.com
However when I entered somesite.com to check status and eligibility, I got errors:
Error: No HSTS header
Response error: No HSTS header is present on the response.
Upvotes: 2
Views: 8328
Answers (1)
Reputation: 45895
The HSTS header is set on https://www.somesite.com/ but not on https://somesite.com/ which is a requirement:
Serve an HSTS header on the base domain for HTTPS requests
Btw as you don't yet have this on your base domain yet I would STRONGLY encourage you to run with it set there for a bit first before submitting for preload in case you have any http only other subdomains (e.g. http://blog.somesite.com or http://intranet.somesite.com) as they will stop working once preloaded as they will now also require https.
Upvotes: 2
Related Questions
- Chrome:The website uses HSTS. Network errors...this page will probably work later
- Warning: Unnecessary HSTS header over HTTP
- HSTS header is not seen in image /JS/CSS files
- How to disable HSTS header with HTTP?
- HSTS header (through .htaccess) not being served on Wordpress pages
- Deployed a site, and it's not allowing me to visit it due to HSTS
- ASP .NET Core no HSTS header in response headers
- Non-Authoritative-Reason header field [HTTP]
- why google.com not set includeSubDomains directive on HSTS response header?
- Why Chrome is not forcing HTTPS if HSTS header is present?