Skip to content

Add Strict-Transport-Security header to GitHub Page #142836

Answered by ersinpw
jzazo asked this question in Pages
Discussion options

You must be logged in to vote

I see that your question is not answered. If you’re using GitHub Pages for your static site and you've run into warnings about the missing Strict-Transport-Security (HSTS) header, you're not alone. Since GitHub Pages doesn’t directly support custom headers like HSTS, even if HTTPS is enforced, web scanners will still flag it.

So, how can you add security headers to a GitHub Pages site built with mkdocs?

Here are two options:

1. Use a Custom Domain with Cloudflare

A straightforward way to add HSTS headers is by using a custom domain in combination with Cloudflare. With Cloudflare’s free plan, you can add HSTS and other headers easily through the Cloudflare dashboard. This approach also bri…

Replies: 1 comment 3 replies

Comment options

You must be logged in to vote
2 replies
@jzazo
Comment options

@danmarshall
Comment options

Answer selected by jzazo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Pages Host a static website, right from your repo Question
3 participants