Not sure about correct HSTS settings


#1

Hi,

I’d like to enable HSTS but am not sure which settings I should toggle.
I already have Https enabled for my entire site and enabling HSTS shouldn’t be an issue, but I’m not tech savvy and have no idea what most of the options mean and which ones I should choose :slight_smile:
Thanks


#2

HSTS basically means that you are telling your visitors that your site is available through https only. The Max-Age setting within HSTS tells the visitors browser that, for that period of time, the browser should never attempt to connect to your site over plain http.

Here are some Cloudflare blog posts covering HSTS in depth:



#3

Hey Martin,

Thanks for your reply, but I’m asking specifically about what settings are recommended when enabling HSTS. Not what it is.

I’ve read all the help articles and they say what the settings stand for but not what’s actually recommended for which kind of site.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.