SSL It! Add HSTS preload options for the domain and allow the choice www or non-www domain name
For this extension to be truly useful in regards to adding HSTS to a domain it needs to provide the options necessary to implement it in a way that meets the requirements for preloading.
So it needs to:
1) have an option to add the preload directive.
2) allow for the choice www or non-www domain name by performing the proper redirects to meet the requirements for preloading. Even if it means instructing the client to manually set the "Preferred domain" to "None" as part of the process then having the client return to the extension and then the extension can add the necessary redirects.
What I wanted, was to be able to do it from inside the SSL it! extension.
Since the extension offers the option of adding HSTS I would think it would also provide the options necessary for adding HSTS in a way that meets the requirements for the domain to be preloaded.
-
Stefan Brauner commented
It would be great to see that feature in the future. Currently I have to disable HSTS in the Plesk Panel, disable the prefered www and then set the HSTS header with preload and the redirection to www in the nginx for each domain manually, because otherwise there is no HSTS header for the non-www-Page.
It would be great if it would be possible to set the preload directive, max age 1 year (6 years is not enough for preloading and I want to avoid 2 years) and the header set before the redirection to the prefered choicee (www or not)