HSTS – HTTP Strict Transport Security

If your SSL environment uses HSTS (HTTP Strict Transport Security), it usually has a max age of six months to a year. HSTS automatically redirects HTTP requests to HTTPS for the target domain for a lengthy period of time. Browsers that support HSTS store this max-age data. One way to bypass this is to set the HSTS max age to 0 (zero). Setting the max age to 0 allows a site to switch between HTTPS and HTTP pages without the possibility of being stuck in HTTPS or a redirect loop.

Place this code into the .htaccess file to override the default HSTS max age setting. This also replaces the max-age data previously stored by clients' browsers.
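An .htaccess fragment of the kind described above, added here as an example and not the original post's code. It assumes Apache 2.4 with mod_headers enabled and that .htaccess overrides are allowed for this directory. Browsers only act on this header when it arrives over HTTPS, so a stored entry is cleared the next time a client loads an HTTPS page.

```apache
# Added example, not the original post's snippet.
# Assumes Apache 2.4 with mod_headers and AllowOverride permitting Header directives.
<IfModule mod_headers.c>
    # max-age=0 tells the browser to expire its stored HSTS entry for this host.
    # "always" also attaches the header to error and redirect responses.
    # The expr condition sends it only on HTTPS responses; browsers ignore
    # Strict-Transport-Security received over plain HTTP.
    Header always set Strict-Transport-Security "max-age=0" "expr=%{HTTPS} == 'on'"
</IfModule>
```

A stored entry that was set with includeSubDomains also covers subdomains until the parent host's entry is cleared, and a domain on a browser's HSTS preload list is not affected by this header.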
