All Questions
Tagged with hsts sub-domain
5 questions
9 votes, 2 answers, 3k views
Do subdomains of a TLD with mandatory HTTPS require a wildcard certificate?
Many new TLDs have mandatory HTTPS requirements. Is there a way to disable that for subdomains? If not, does that mean an expensive wildcard SSL certificate will need to be used with these domains?
So ...
2 votes, 1 answer, 367 views
Can the subdomains have different certificates from the main domain if I use HSTS includeSubDomains and preload?
I have a main domain where I serve my website, and then I have subdomains that I use to deploy other projects which may be temporary. Having set up a deployment system with docker and letsencrypt, ...
10 votes, 3 answers, 3k views
Why does HSTS not automatically apply to subdomains to enhance security? For what reason would someone not want HSTS on every subdomain?
HSTS restricts the connection to be always HTTPS if deployed by any domain, however for it to be applied to sub-domains the 'includeSubDomain' attribute is needed. Why doesn't the policy itself make ...
2 votes, 1 answer, 744 views
Does HSTS includeSubDomains directive include subdomains on all levels?
I asked this question on Stack Overflow, but thought it's more relevant here.
Regarding the HSTS includeSubDomains directive. Does this include every subdomain underneath e.g. example.com. So abc.def....
41 votes, 4 answers, 40k views
HSTS on a subdomain with includeSubdomains
Suppose that my site is located at foo.example.com and I send the following HTTP header when visitors access my site using HTTPS:
Strict-Transport-Security: max-age=31536000; includeSubDomains
...