HSTS and HPKP are not detected on my domain dhautefeuille.eu with Qualys SSL Labs tool but they are fully detected with SSL Decoder tool. Why?
I'm using Nginx 1.9.5 mainline edition with HTTP2 enabled.
Thanks in advance,
the headers are sent for dhautefeuille.eu, but not for www.dhautefeuille.eu (which returns a 404 error).
Thanks. So I created an issue. Support scan of non-www domains with wildcard DNS record · Issue #239 · ssllabs/ssllabs-scan · GitHub
Hi, this is not an issue. Because most user enter www if you do not secure this it leave an MitM gap open.
So instead of create an issue here correct the handling on your www domain. if you use wildcard domain make
sure all subdomains work correctly.
Ok I removed wildcard DNS record for now.
Retrieving data ...