HSTS warninh
I am using built-in cloudflare functionality for HSTS, the hstspreload.com says "Warning: Unnecessary HSTS header over HTTP
The HTTP page at http://domain.com sends an HSTS header. This has no effect over HTTP, and should be removed."
HTTP to HTTPS enabled
3 Replies
Cloudflare's HSTS setting doesn't do that as far as I can see. I assume that's coming from your origin/host behind Cloudflare. It's just a warning though
I am using cloudlfare pages. Would you mind checking out the website? (Sent it in direct messages)
You've got a modify response headers transform rule adding all those potentially
You could throw the url through trace under account https://dash.cloudflare.com/?to=/:account/trace/search and see all it hits