Skip to content

I suggest you...

← Feature Suggestions

Redirect to https and only after to www when HSTS and www prefered domain are enabled

Hello, it would be good if Plesk can redirect to https and only after to www when www prefered domain is enabled because when submitting your domain on https://hstspreload.org it gives me this error (I replaced my domain by a fake one obviously)

13 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

Anonymous shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Jan commented  ·   ·  Report

    We need this ASAP..

  • Brapion commented  ·   ·  Report

    If only the Plesk developers would implement a feature in it's entirety. The current feature is useless, misleading and not fit for purpose. This bug fix has nothing to do with popularity and needs implementing as a matter of urgency.

  • Julio Vivas commented  ·   ·  Report

    Apart from the security issues flagged before, this is being flagged as an issue on SEO auditing reports. The fix (or a recommended work around) should be implemented as a priority.

  • CP commented  ·   ·  Report

    Can only reiterate the earlier comment: "Implementation of this "feature" should not depend on popularity. It is the only right *and* secure way to redirect from non-www to www domain. If this is not done, then the HSTS header is never sent for the non-www version of the domain, allowing MITM attacks / stripping HTTPS.

    "

  • Anonymous commented  ·   ·  Report

    Implementation of this "feature" should not depend on popularity. It is the only right *and* secure way to redirect from non-www to www domain. If this is not done, then the HSTS header is never sent for the non-www version of the domain, allowing MITM attacks / stripping HTTPS.

    IMHO Plesk should use the secure way by default: redirect from HTTP to HTTPS first (allowing the HSTS header to be sent) and *then redirect from non-www to www.

    If there really are people who wish to not do this, avoid one redirect and immediately redirect to https://www.domain.tld, then allow them to override the secure default. IMHO this is over-optimization, as these days (with HTTP/2) there is not nearly as much overhead as there was before.

    Please fix this if this is not done already. :-)

  • Hans | Pixel Creation commented  ·   ·  Report

    When in Hosting Settings setting the Preferred Domain to anything but "None" and enabling "Permanent SEO-safe 301 redirect from HTTP to HTTPS" Plesk will redirect every request in one go.

    For example, I configure my domain to redirect HTTP to HTTPS and to prefer the absence of "www". When I now request "http://www.example.com/" it will be redirected to "https://example.com/" in one single redirect. According to the Dutch Web application guidelines the server should first redirect to HTTPS and only then redirect to either include or exclude the www subdomain. (see attachment, taken from https://en.internet.nl/)

  • Anonymous commented  ·   ·  Report

    And it also should give the ability to put one year to the max-age var.

Feature Suggestions: Web / SSL

Categories

Feedback and Knowledge Base

(thinking…)