Enabling HSTS

You may want to enable HSTS (HTTP Strict Transport Security) headers for your redirects to improve security.

If enabled, we will send the Strict-Transport-Security header on your redirects. The default header if enabled it:

Strict-Transport-Security: max-age=31536000; preload

If HSTS is enabled, we will also automatically upgrade your request to HTTPS first before executing the redirect itself. This improves security by keeping it on the same hostname on the HTTPS upgrade.

When enabling HSTS, you may define your own max age, include subdomains & preload parameters. By using the max-age field, you can phase in HSTS over your domains in a safer way.

HSTS can be enabled on team level to set it for all domains.

General HSTS options

Or you can overrule the team default setting for a specific domain.

Inherit HSTS

We only recommend enabling this if you know what the implications for your domain it has.

More articles

Can’t find the answer you’re looking for?

E-mail us
Start a chat
Online 9:00 - 21:00 CEST
Available with Enterprise
Pricing Background
Domain redirects delivered hassle-free

Get started right away

  • Free plan
  • No creditcard required

you need