HSTS issue

Hello,

I want to setup one subdomain for internal uses only via HTTPS so I need to use a self signed certificate. Now I have the problem that unluckily the mentioned subdomain is setup for HSTS, says Firefox.

On Cloudflare HSTS is disabled…why Firefox says HSTS is set up for this subdomain? I have the domain on Cloudflare so I think that the issue is on Cloudflare side.

It could be on the HSTS preload list, or you enabled HSTS at some time in the past and Firefox remembers that.

You can test this at hstspreload.org

Or post your domain name here and we can check.

Interesting, thanks for the link. It says there is no header but firefox says the domain is configured to use HSTS…very confusing…also curl returns error code 60…very suspicious.

“Error: No HSTS headerResponse error: No HSTS header is present on the response.”

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.