When switching on HSTS, it says something about 'HTTPS support' or 'committed service' - do you mean have an SSL certificate?

This is the small print:

If you need to disable HTTPS on your domain, you must first disable HSTS in your Cloudflare dashboard and wait for the max-age to lapse to guarantee that every browser is aware of this change before you can disable HTTPS. The average max-age is six months (you can set the max-age in the next step). If you remove HTTPS before disabling HSTS your website will become inaccessible to visitors for up to the max-age or until you support HTTPS again. Because disabling HTTPS on an HSTS enabled website can have these consequences, we strongly suggest that you have a committed HTTPS service in place before enabling this feature.

By a committed HTTPS service, do you mean just have an SSL certificate?

What that means is that you should be sure that you will be able to provide your site on HTTPS. Once you enable HSTS, it is difficult to switch to an unencrypted connection. Enable it only, if you know that your site will work on HTTPS and you do not plan to switch to HTTP.

And yes, that also includes a certificate, which you need to have on your server.

2 Likes

Thanks Sandro

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.