What Is HSTS and How Does It Protect HTTPS From Hackers?

Websites that are missing the includeSubDomains option can expose visitors to privacy leaks by allowing subdomains to manipulate cookies. With includeSubDomains enabled, these cookie-related attacks won’t be possible. computer science computer science computer science computer science computer science computer science

Note: Before adding the one-year max-age, test your entire website with five-minute max-age first using: max-age=300; computer science computer science computer science computer science computer science computer science

Google even recommends that you test your website and its performance (traffic) with a one week, and one month value as well before implementing a two-year max-age.

Five minutes: Strict-Transport-Security: max-age=300; includeSubDomains
One week: Strict-Transport-Security: max-age=604800; includeSubDomains
One month: Strict-Transport-Security: max-age=2592000; includeSubDomains

Making the HSTS Preload List

By now you should be familiar with HSTS and why it is important for your site to use it. Keeping your website visitors safe online should be a key element of your site plan.

Prev3 of 4Next

Leave a Reply

Your email address will not be published. Required fields are marked *