Home Forums Really Simple SSL pro The header must contain the `includeSubDomains` and `preload` directive.

  • This topic has 3 replies, 1 voice, and was last updated 1 month ago by Mark.
Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
  • #226480 Reply
    joshua janzen

    I’ve been working tirelessly trying to get my wordpress secure when loading from a Google Search. I have purchased the Premium plugin as well. When I run the plugin scan, it’s telling me everything is good. However, when I use this tool from Google: , saying these are the errors: The header must contain the includeSubDomains and preload directive. How do I fix? thank you

    #226482 Reply

    Hi Joshua,

    This is from hstspreload.org, the most likely cause is that you have not enabled the “preload” option in settings/ssl/settings yet. Can you try checking that option (which appears after enabling HSTS)?

    #368100 Reply
    Steven Ganz

    Can I configure this tool to not set includeSubDomains?

    #368108 Reply

    Hi Steven,

    if you enable the regular HTTP Strict Transport Security option the includeSubDomains directive won’t be set. It’s only added when the ‘Configure your site for the preload list’ option has been enabled. If you disable that option, the includeSubDomains directive should be removed from the header.


Viewing 4 posts - 1 through 4 (of 4 total)
Reply To: The header must contain the `includeSubDomains` and `preload` directive.
Your information: