Header Strict-Transport-Security

When I add the header Strict-Transport-Security to my .htaccess file, in Apache, must the browser block all HTTP requests?

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"


Solution 1:[1]

When I add the header Strict-Transport-Security to my .htaccess file, in Apache, must the browser block all HTTP requests?

No, it will not block them; it will instead automatically convert them to HTTPS before sending them.

But only after it’s got that instruction to use HSTS.

Also, if you stop supporting HTTPS then you will not be able to connect to your site using HTTP, as the browser will convert all the requests to HTTPS.
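The behaviour described in the answer above, as an added example that is not part of the original answer: a small model of a browser's HSTS store following RFC 6797. The class and method names are hypothetical, example.com is a placeholder host, time is passed in as plain seconds, and browser preload lists are not modelled.

```javascript
// Added example: minimal model of a browser's HSTS store (RFC 6797).
// HstsStore and its methods are hypothetical names, not a real browser API.
class HstsStore {
  constructor() { this.hosts = new Map(); } // host -> { expires, includeSubDomains }

  // Parse a header value. Directive names are case-insensitive and max-age is
  // required. "preload" is not an RFC 6797 directive and is ignored here.
  static parse(value) {
    const policy = { maxAge: null, includeSubDomains: false };
    for (const part of value.split(';')) {
      const [name, raw = ''] = part.trim().split('=');
      const key = name.trim().toLowerCase();
      if (key === 'max-age') {
        const v = raw.trim().replace(/^"|"$/g, '');
        if (/^\d+$/.test(v)) policy.maxAge = Number(v);
      } else if (key === 'includesubdomains') {
        policy.includeSubDomains = true;
      }
    }
    return policy.maxAge === null ? null : policy;
  }

  // Record a response. The header is ignored on plain HTTP, so the policy
  // only exists after the first successful HTTPS response that carries it.
  noteResponse(url, headerValue, now) {
    const u = new URL(url);
    if (u.protocol !== 'https:' || !headerValue) return;
    const p = HstsStore.parse(headerValue);
    if (!p) return;
    if (p.maxAge === 0) this.hosts.delete(u.hostname); // max-age=0 clears the policy
    else this.hosts.set(u.hostname, { expires: now + p.maxAge, includeSubDomains: p.includeSubDomains });
  }

  // True if the host, or a parent domain with includeSubDomains, has a live policy.
  isKnown(host, now) {
    const labels = host.split('.');
    for (let i = 0; i < labels.length; i++) {
      const e = this.hosts.get(labels.slice(i).join('.'));
      if (e && e.expires > now && (i === 0 || e.includeSubDomains)) return true;
    }
    return false;
  }

  // URL the browser actually requests: http:// is rewritten, never blocked.
  resolve(url, now) {
    const u = new URL(url);
    if (u.protocol === 'http:' && this.isKnown(u.hostname, now)) u.protocol = 'https:';
    return u.href;
  }
}
```

Because the rewrite happens for the whole max-age lifetime, a site that later drops HTTPS stays unreachable for returning visitors until the policy expires or is cleared with max-age=0 served over HTTPS.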

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Barry Pollard