HSTS enabled, but not documented.

  • Resolved MACscr

    (@macscr)


    1 year, 2 months ago

    So appears that your additional headers setting that says it does a few different things also enabled HSTS (though it never mentions it), not only that, but also includes it for all subdomains too. Wasted many hours trying to figure out why another server that is not related, but does use a subdomain was having issues and found out this setting/package on the main site was the culprit. Why is this not documented and dont you think its a bit overreaching as well?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support SergeM

    (@serge00)

    Hello @macscr,

    I’ve transferred your questions to the programmer staff. Please, wait for our reply up to 3 business days.

    Plugin Support SergeM

    (@serge00)

    Thank you for waiting.

    The header Strict-Transport-Security is needed to forcefully use HTTPS.

    You can disable the option “Send additional HTTP headers” in the plugin settings:
    ? WordPress Admin Page → Settings → Security by CleanTalk → General Settings → set “Send additional HTTP headers” to “Off” → Save Changes.

    Did it help you?

    Plugin Support dimitrycleantalk

    (@dimitrycleantalk)

    Hello,

    We haven’t received your reply in a few days, so I’m going to mark this topic as “resolved”.
    If you have any further questions, you can start a new topic anytime.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘HSTS enabled, but not documented.’ is closed to new replies.