HSTS on the root domain
We are experiencing some redirection issues we have no control over as they are done in the root domain.
http://oldsite.com redirects to https://www.oldsite.com then finally to https://www.newsite.com
The redirection should be as follows:
http://oldsite.com -> https://oldsite.com -> https://www.newsite.com
Please update Optimizely's configuration to do these redirects properly
-
Lars Friman
commented
I can't stress enough that this needs to work as suggested above and in the comments.
-
Johan Kronberg
commented
It would also be nice if the DXP redirect service supported HTTP/3 QUIC.
-
Kristoffer Palm
commented
The DXP redirect service (used for redirecting apex domains like example.com to www.example.com) does not return an HSTS header. Because this response comes from Optimizely’s infrastructure, we cannot configure or enforce Strict-Transport-Security on our root domain.
As a result, the apex domain remains accessible over HTTP, which exposes end users to potential downgrade attacks on first visit and prevents use of includeSubDomains; preload on the main domain.
To support full HTTPS enforcement and align with modern security standards, we request tenant-level support for HSTS headers on redirect domains.
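As an added example (not code from this thread or from Optimizely), the check below audits a redirect chain against the HSTS preload requirements the comment above describes: plain HTTP must redirect to HTTPS on the same host first, and every HTTPS hop, the redirect-service response included, must carry Strict-Transport-Security with a one-year max-age, includeSubDomains and preload on the apex. The chains are constructed from the URLs in this thread with oldsite.com assumed to be the apex; headers are assumed to have been collected already, with lower-case names.

```python
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # minimum max-age the HSTS preload list requires

def parse_hsts(value):
    """Split a Strict-Transport-Security value into its directives."""
    out = {"max-age": None, "includesubdomains": False, "preload": False}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age" and val.strip().isdigit():
            out["max-age"] = int(val)
        elif name in ("includesubdomains", "preload"):
            out[name] = True
    return out

def audit_chain(hops, apex):
    """hops: [(url, headers)] with lower-case header names. Returns findings that
    block an HSTS / preload policy on the apex for this redirect chain."""
    findings, apex_https_seen = [], False
    for i, (url, headers) in enumerate(hops):
        u = urlsplit(url)
        if u.scheme == "http":
            nxt = urlsplit(hops[i + 1][0]) if i + 1 < len(hops) else None
            # Preload rule: plain HTTP must redirect to HTTPS on the same host first.
            if nxt is None or nxt.scheme != "https" or nxt.hostname != u.hostname:
                findings.append(f"{url}: must redirect to https://{u.hostname}/ first")
            continue
        apex_https_seen |= u.hostname == apex
        hsts = headers.get("strict-transport-security")
        if hsts is None:  # every HTTPS hop, redirects included, must send the header
            findings.append(f"{url}: no Strict-Transport-Security header")
            continue
        d = parse_hsts(hsts)
        if u.hostname == apex:  # the apex header is what the preload list inspects
            if d["max-age"] is None or d["max-age"] < ONE_YEAR:
                findings.append(f"{url}: max-age below one year")
            if not (d["includesubdomains"] and d["preload"]):
                findings.append(f"{url}: missing includeSubDomains; preload")
    if not apex_https_seen:
        findings.append(f"{apex}: never served over HTTPS, so no HSTS policy can be set on it")
    return findings

HSTS = "max-age=31536000; includeSubDomains; preload"
# Constructed chains modelling the thread: what happens today and what is requested.
TODAY = [("http://oldsite.com/", {"location": "https://www.oldsite.com/"}),
         ("https://www.oldsite.com/", {"location": "https://www.newsite.com/", "strict-transport-security": HSTS}),
         ("https://www.newsite.com/", {"strict-transport-security": HSTS})]
REQUESTED = [("http://oldsite.com/", {"location": "https://oldsite.com/"}),
             ("https://oldsite.com/", {"location": "https://www.newsite.com/", "strict-transport-security": HSTS}),
             ("https://www.newsite.com/", {"strict-transport-security": HSTS})]
```

Running `audit_chain(TODAY, "oldsite.com")` reports both the wrong first hop and that the apex is never served over HTTPS; the requested chain passes only if the redirect-service hop on https://oldsite.com/ itself sends the header.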
-
Pika Remskar
commented
We are experiencing some redirection issues we have no control over as they are done in the root domain.
http://oldsite.com redirects to https://www.oldsite.com then finally to https://www.newsite.com
The redirection should be as follows:
http://oldsite.com -> https://oldsite.com -> https://www.newsite.com
Please update Optimizely's configuration to do these redirects properly