HSTS test and configuration for only one site (one subdomain)

Hello everyone,
I have question since I am hesitating about it
I have domain and sites under this domain regarding dev/test/stg/prod (subdomain)
all what I need to configure only production for HSTS not all these sites under this domain

also need to test this implementation before saved or at least for 15 mins not to setup for one month which is the minimum in cloudflare

HSTS is not Cloudflare specific. You can always add the HSTS header in your response with custom max-age from your origin. Using this method, you can choose to only add the HSTS header for a specific website.

should I add this header in worker in cloudflare or add to the web config file
where it should be added this header?

Can be anywhere - Workers, .htaccess, Nginx config, as long as you can add the header in some way.

Thanx I will do first on QA server for 5 mins for testing purpose if everything is ok I will do for production

so code should be

“Strict-Transport-Security” : “max-age=300; includeSubDomains; preload”,

do I need to do something else in worker?

You just need to do in one place.

If you added the header in Apache (or other web server), there’s no need to add the header again in Workers.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.