We can use includesubdomains with the add_header in Nginx to specify that a particular security header should be applied to all subdomains of the main domain. Bobcares, as a part of our Server Management Service offers solutions to every query that comes our way.

The includesubdomains with the add_header in Nginx

The includesubdomains parameter in Nginx ensures that a security header applies to all subdomains of a main domain. The add_header Directive adds custom headers to the server’s response for a specific domain or location. This Parameter when used with a security header tells browsers to enforce that header for all subdomains.

The Strict-Transport-Security (HSTS) header is a common example of how includesubdomains are used. HSTS tells browsers to only connect to a website via HTTPS. By including includesubdomains in the HSTS header setup, we can ensure that all subdomains of the main domain uses HTTPS connections. This inturns improves overall security.

An Example

Here,

HTTPS Setup: Setup HTTPS for example.com.

HSTS Header:

max-age=31536000: Tells browsers to enforce HTTPS for one year.

includesubdomains: Applies this policy to all subdomains (e.g., www.example.com, mail.example.com).

preload: Asks browsers to preload this policy for extra security.

always: Ensures the header is always present, regardless of the response status.

[Need to know more? Click here to reach us.]

Conclusion

Before carrying out HSTS with includesubdomains, we must ensure that all subdomains have valid SSL certificates setup. Here, we explain more about the includesubdomains with the add_header in Nginx.