Jump to content

Garthoid

Member
  • Posts

    1
  • Joined

  • Last visited

Everything posted by Garthoid

  1. My expectation that is anyone enters just the domain, or even http://domain that it would automatically redirect to https://domain. We have confirmed that SSL is active for the site and HSTS is enabled. But, for some browsers (Safari, Chrome) we notice that the Strict-Transport-Security header is not returned when addressing the base domain without the https:// prefix. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security Notice also that some browsers (looking at you firefox) automatically do this for every request from the browser. Interestingly, squarespace does return the strict-transport-security header in this case. So, why is Squarespace not sending that header when https:// in not specified and we have very clearly enabled HSTS.
×
×
  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.