Thank you so much for your help! Are you able to see this page: redacted If so, can you tell me whether I need/should enable HSTS? could any problem be caused by doing that? FYI: my website is my business life, so I cannot risk any problems-- could any problem be caused if I enable that? would it keep legitimate potential clients from viewing the site? Do I need to check with my webhost first to see what they have? any danger of a conflict with what they have?
HSTS forces all connections with your website to use HTTPS and thus comes with an additional security benefit. The biggest downside of HSTS is that if your website doesn’t have a valid SSL/TLS certificate, your website will be unavailable to be visited for at least the max-age value you have set in your HSTS policy (but potentially even longer, such as when your domain is on browsers’ HSTS preload lists).