{
"errors": [
{
"code": "header.preloadable.include_sub_domains.missing",
"summary": "No includeSubDomains directive",
"message": "The header must contain the `includeSubDomains` directive."
},
{
"code": "header.preloadable.preload.missing",
"summary": "No preload directive",
"message": "The header must contain the `preload` directive."
}
],
"warnings": [
{
"code": "header.parse.empty_directive",
"summary": "Empty directive or extra semicolon",
"message": "The header includes an empty directive or extra semicolon."
}
]
}
I noticed when probing https://hstspreload.org/api/v2/preloadable?domain=internet.nl because of:
1016
it returned:
The errors are correct, but notice the "The header includes an empty directive or extra semicolon.". In terms of specs HTTP Strict Transport Security (HSTS) - 6.1. Strict-Transport-Security HTTP Response Header Field - RFC 6797 it is allowed, but it kind of implies a directive, I think it would be cleaner to remove the extra semicolons.
See: https://github.com/internetstandards/Internet.nl/blob/a469e4c151c1740d3f69e36235bc854b0099004a/docker/webserver/nginx_templates/app.conf.template#L156 https://github.com/internetstandards/Internet.nl/blob/a469e4c151c1740d3f69e36235bc854b0099004a/docker/webserver/nginx_templates/app.conf.template#L188 https://github.com/internetstandards/Internet.nl/blob/a469e4c151c1740d3f69e36235bc854b0099004a/docker/webserver/nginx_templates/app.conf.template#L318