From 7ef336f99d49014f49abb25d4770883060aaf8ad Mon Sep 17 00:00:00 2001 From: Gunnstein Lye <289744+glye@users.noreply.github.com> Date: Tue, 3 Dec 2024 14:03:50 +0100 Subject: [PATCH] includeSubDomains MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Tomasz DÄ…browski <64841871+dabrt@users.noreply.github.com> --- .../security/security_checklist.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/infrastructure_and_maintenance/security/security_checklist.md b/docs/infrastructure_and_maintenance/security/security_checklist.md index d5395cc735..0537e06821 100644 --- a/docs/infrastructure_and_maintenance/security/security_checklist.md +++ b/docs/infrastructure_and_maintenance/security/security_checklist.md @@ -248,7 +248,7 @@ When using [[= product_name_cloud =]], you can [set the minimum TLS version in ` HSTS forces clients to always communicate with your site over HTTPS. [Most browsers support this](https://caniuse.com/stricttransportsecurity), and there is no downside for browsers that don't. Read the requirements and instructions at [hstspreload.org](https://hstspreload.org/) before you enable HSTS. -Make sure to also include subdomains using the `includeSubDomains` setting. +Make sure to also include subdomains by means of the `includeSubDomains` setting. When using [[= product_name_cloud =]], you can [configure HSTS in .platform/routes.yaml](https://docs.platform.sh/define-routes/https.html#enable-http-strict-transport-security-hsts).