Cloudflare HSTS With Origin HSTS

If I enable the Cloudflare HSTS setting on a zone, is there any risk of duplicate/conflicting HSTS headers if some of my subdomain origins in the zone already send an HSTS header?

1 Like

It’s fine if your origin sends its own HSTS header. If you have Cloudflare HSTS enabled, it will overwrite any HSTS header that your origin sends. It’s still a good idea to have your origin send the header, in case it also serves non-proxied traffic, or if you ever need to temporarily or permanently unproxy some/all your traffic for whatever reason.

Make sure to submit your domains to https://hstspreload.org/ (if you’re sure you’ll never need to use them for non-encrypted traffic)

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.