I’d like to enable HSTS for my website. All my major services/subdomains only use https, so enabling HSTS for these services would be no issue.
I still host a couple of old services that are served through Cloudflare (orange cloud). They have a flexible SSL setting, just because some old clients don’t use https… also the served content is trivial, so several years ago, we decided it’s alright to serve both https and http.
Now I wonder what would happen if I enable HSTS?
How would the
Including Subdomains with HSTS setting influence this behavior? Will the subdomains that are served through Cloudflare still work via http?