Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
9 votes
2 answers
3k views

Do subdomains of a TLD with mandatory HTTPS require a wildcard certificate?

Many new TLDs have mandatory HTTPS requirements. Is there a way to disable that for subdomains? If not does that mean an expensive wildcard SSL certificate will need to be used with these domains? So ...
JamesWeir's user avatar
2 votes
1 answer
367 views

Can the subdomains have different certificates from the main domain if I use HSTS includeSubDomains and preload?

I have a main domain where I serve my website, and then I have subdomains that I use to deploy other projects which may be temporary. Having set up a deployment system with docker and letsencrypt, ...
progress44's user avatar
10 votes
3 answers
3k views

Why does HSTS not automatically apply to subdomains to enhance security? For what reason would someone not want HSTS on every subdomain?

HSTS restricts the connection to be always HTTPS if deployed by any domain, however for it to be applied to sub-domains the 'includeSubDomain' attribute is needed. Why doesn't the policy itself make ...
mfs's user avatar
  • 541
2 votes
1 answer
744 views

Does HSTS inlcudeSubDomains directive include subdomains on all levels?

I asked this question on Stack Overflow, but thought its more relevant here. Regarding the HSTS includeSubDomains directive. Does this include every subdomain underneath e.g. example.com. So abc.def....
W Khan's user avatar
  • 21
41 votes
4 answers
40k views

HSTS on a subdomain with includeSubdomains

Suppose that my site is located at foo.example.com and I send the following HTTP header when visitors accessing my site using HTTPS: Strict-Transport-Security: max-age=31536000; includeSubDomains ...
rink.attendant.6's user avatar