Strict-Transport-Security security header

Hello,

Been trying to setup Strict-Transport-Security security header in my wordpress website, I asked the webhoster for support and this was his reply:

“I could redirect https to get the secure padlock but as the A record of the domain is pointing to cloudflare I suggest you to contact them to manage the SSL of the domain”.

Now where do I go from here?

Thanks in advance!

If you already have a HTTPS certificate through Cloudflare, then you can manage this header via the SSL/TLS tab -> edge certificates:

Heed the warning, it means your website will stop working over non-HTTPS connections.

If you currently don’t have the HTTPS padlock via Cloudflare, you might need to do some config changes (if so, post your domain).

1 Like