Reputation: 113
What happens if i preload HSTS with Unnecessary HSTS header over HTTP?
The HTTP page at my website sends an HSTS header. This has no effect over HTTP, and should be removed. But what if i decide to not remove the error and preload my website through the HSTS Preload form? What happens?
Upvotes: 0
Views: 598
Answers (1)
Reputation: 45895
Don’t think there’s any preload requirement over this so still should be able to preload.
However if you can’t follow the spec on how to use HSTS, and can’t figure out how to prevent this being illegitimately sent over HTTP (which could have been researched in the time it took to raise your question), then I’d really question whether you are ready for the commitment that preload binds you to. There are real dangers when preloading without understanding the full implications as it’s basically irreversible.
Upvotes: -1
Related Questions
- HSTS preload Meaning
- Warning: Unnecessary HSTS header over HTTP
- Errors when checking eligibility for HSTS preload
- How to disable HSTS header with HTTP?
- How to make clients request over HTTPS without HSTS preload?
- Add Strict-Transport-Security header to all HTTPS responses?
- Strict-Transport-Security influence on http reverse proxy that redirects to https
- HSTS header response processing over secured transport
- Does HSTS upgrade all resources to HTTPS irrespective to the domain
- HSTS header for all resources? or documents?