Home Forums Really Simple SSL pro The header must contain the `includeSubDomains` and `preload` directive.

  • This topic has 3 replies, 1 voice, and was last updated 1 month ago by Mark.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #226480 Reply
    joshua janzen
    Participant

    I’ve been working tirelessly trying to get my wordpress secure when loading from a Google Search. I have purchased the Premium plugin as well. When I run the plugin scan, it’s telling me everything is good. However, when I use this tool from Google: , saying these are the errors: The header must contain the includeSubDomains and preload directive. How do I fix? thank you

    #226482 Reply
    Rogier
    Keymaster

    Hi Joshua,

    This is from hstspreload.org, the most likely cause is that you have not enabled the “preload” option in settings/ssl/settings yet. Can you try checking that option (which appears after enabling HSTS)?

    #368100 Reply
    Steven Ganz
    Guest

    Can I configure this tool to not set includeSubDomains?

    #368108 Reply
    Mark
    Keymaster

    Hi Steven,

    if you enable the regular HTTP Strict Transport Security option the includeSubDomains directive won’t be set. It’s only added when the ‘Configure your site for the preload list’ option has been enabled. If you disable that option, the includeSubDomains directive should be removed from the header.

    Mark

Viewing 4 posts - 1 through 4 (of 4 total)
Reply To: The header must contain the `includeSubDomains` and `preload` directive.
Your information: