currently HSTS can configured in global level but unable enable in subdomain level
That’s not currently supported in Cloudflare.
But you can do it as easily in your origin server by adding the Strict-Transport-Security header in the response from your server. See the MDN documentation below.
1 Like
You can use Transform Rules (Modify Response Header):
→ https://dash.cloudflare.com/?to=/:account/:zone/rules/transform-rules/modify-response-header
“Set static” will override whatever global setting you have, so even if you’re just testing with “max-age=300; includeSubDomains” under the global HSTS settings, that will now be “max-age=631138519” on the subdomain hsts-subdomain.example.com.
1 Like
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.