So after a bit of playing about, I figured out why I was “only” getting an A grade on the SSL Labs test for this domain, despite it being on the HSTS preload list 🙂
Turns out it was a simple change to the HSTS header:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
to include the “includeSubDomains; preload” part, which is required to get the A+ result on SSL Labs.
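To confirm a server actually emits the header in this form, the following added example (not code from the original post) parses a Strict-Transport-Security value using the RFC 6797 rules and reports what is missing. The function names and the default threshold, taken from the max-age shown above, are assumptions for illustration.

```python
import re

# Assumption: the default threshold is the max-age used in the post; set your own policy.
PAGE_MAX_AGE = 15768000
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9a-z]+")

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797, section 6.1).

    Returns {lower-cased directive name: value or None}; raises ValueError
    when the header is malformed. Simplification: assumes no ';' appears
    inside a quoted-string value.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives, e.g. a trailing ';', are allowed
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not TOKEN.fullmatch(name):
            raise ValueError(f"bad directive name: {name!r}")
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")
        val = val.strip() if sep else None
        if val is not None and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # the quoted-string form is allowed
        directives[name] = val
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    directives["max-age"] = int(max_age)
    return directives

def check_hsts(value, min_max_age=PAGE_MAX_AGE):
    """Return a list of findings; an empty list means nothing is missing."""
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    findings = []
    if d["max-age"] < min_max_age:
        findings.append(f"max-age {d['max-age']} is below {min_max_age}")
    for flag in ("includesubdomains", "preload"):
        if flag not in d:
            findings.append(f"missing {flag}")
    return findings
```

Feed it the header value as returned by the live site (for example from `curl -sI`), since a directive set in one nginx block can be dropped by an `add_header` in a more specific block.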