A site audit from snyk.io says I really should enable HSTS.
My site uses the free Cloudflare shared SSL certificate, with the SSL/TLS encryption set to Full (Strict), and Always Use HTTPS set to On. I also have a bit in my .htaccess to redirect all traffic to the www subdomain and https. I don’t use any other subdomains other than www.
There’s a hefty warning that enabling HSTS might make my site inaccessible, and the minimum max-age is 1 month. I cannot risk my website being inaccessible for 1 month (who can??)
Is there a way to test if it’ll work without risking 1 month of business??