Jump to content

SSL Issue with "Not Secured"

Recommended Posts

My expectation that is anyone enters just the domain, or even http://domain that it would automatically redirect to https://domain.

We have confirmed that SSL is active for the site and HSTS is enabled.

But, for some browsers (Safari, Chrome) we notice that the Strict-Transport-Security header is not returned when addressing the base domain without the https:// prefix.


Notice also that some browsers (looking at you firefox) automatically do this for every request from the browser. Interestingly, squarespace does return the strict-transport-security header in this case.

So, why is Squarespace not sending that header when https:// in not specified and we have very clearly enabled HSTS.

Link to comment
  • Replies 0
  • Views 1.2k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Create an account or sign in to comment

You need to be a member in order to leave a comment

  • Create New...

Squarespace Webinars

Free online sessions where you’ll learn the basics and refine your Squarespace skills.

Hire a Designer

Stand out online with the help of an experienced designer or developer.