Strict-Transport-Security


Municipal Websites Central supports the addition of HSTS (HTTP Strict Transport Security) headers.

Considerations

  • Once HSTS (HTTP Strict Transport Security) is on, it cannot be easily turned off. This is due to the max-age directive of HSTS. Turning it off will not have any effect until the maximum age is reached.

  • It is generally recommended that the maximum age be 1 year or more.

  • Once a machine visits a domain with HSTS headers present, that machine will only be able to access that domain's site over HTTPS.

  • If the SSL certificate on your site expires, the site will be inaccessible until a new certificate is installed. There is no way to bypass the certificate warnings when HSTS is on.
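
The following Python example is added here for illustration and is not part of Municipal Websites Central or its tooling. It parses a Strict-Transport-Security header value, checks it against the 1-year recommendation above, and computes how long a browser that has already received the header keeps forcing HTTPS, which is why removing the header has no effect until max-age runs out. The function names, header value and visit time are constructed for the example.

```python
from datetime import datetime, timedelta, timezone

ONE_YEAR = 31536000  # seconds; the minimum max-age recommended above


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        arg = arg.strip().strip('"')       # max-age may arrive as a quoted string
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError(f"invalid max-age: {arg!r}")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        # unknown directives are ignored
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy


def meets_recommendation(header_value):
    """True when max-age is 1 year or more."""
    return parse_hsts(header_value)["max_age"] >= ONE_YEAR


def enforced_until(last_seen, header_value):
    """Time until which a browser that received the header at last_seen
    keeps forcing HTTPS, even if the site stops sending the header."""
    return last_seen + timedelta(seconds=parse_hsts(header_value)["max_age"])


if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    header = "max-age=31536000; includeSubDomains"
    visit = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    print(parse_hsts(header))
    print("meets 1-year recommendation:", meets_recommendation(header))
    print("browser enforces HTTPS until:", enforced_until(visit, header))
```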

If you are ready to have HSTS enabled, please contact our Support team. Acknowledge in the ticket that you understand the risks outlined in this article.

Note:

HSTS can only be enabled for sites on Platinum Security.