I have this website set up:
http://website1.com/ – returns
301 Moved Permanently and redirects to http://www.website1.com/.
http://www.website1.com/ – returns 301
Moved Permanently and redirects to https://www.website2.com/.
https://www.website2.com/ – returns
200 OK and has this in the response:
strict-transport-security: max-age=31536000; includeSubDomains
I have this subdomain running a web app:
This also has the following header in the response:
Strict-Transport-Security: max-age=31536000; includeSubDomains
I want to have preload functionality for all sub domains of website1.com/.
However, I get the following errors when checking eligibility:
Error: No HSTS header Response error: No HSTS header is present on the response. Error: HTTP redirects to www first http://website1.com (HTTP) should immediately redirect to https://website1.com (HTTPS) before adding the www subdomain. Right now, the first redirect is to http://www.website1.com/. The extra redirect is required to ensure that any browser which supports HSTS will record the HSTS entry for the top level domain, not just the subdomain.
The first error is easy, I can just add the HSTS header.
But why does it matter that there’s a redirect?
All I want is for http://subdomain.website1.com/ to make an internal redirect to https://subdomain.website1.com/.
Can’t http://website1.com make an internal redirect to https://website1.com, regardless of the fact that it redirects to www.website1.com/?