In our continuing efforts to improve security for all Netlify sites, we are making a change to the Strict-Transport Security (HSTS) header. In addition to the existing value
max-age=31536000, we will be adding the values
preload in the near future
Since all sites are automatically routed to use HTTPS, this should not cause any issues.
includeSubDomainsforces HTTPS security attributes on all sub-domains of a site, such as Content Security Policy (CSP).
preloadensures that the HTTPS security attributes are loaded into the browser or client before visiting a site
Ask us for help!
Please feel free to reach out with questions and we will do our best to answer.