includeSubDomains

includeSubDomains is a directive used in the HTTP Strict Transport Security (HSTS) policy. It signals that the HSTS rule applied to a domain should also apply to all current and future subdomains. When a user agent receives an HSTS header that includes includeSubDomains, it will only access the host and its subdomains over HTTPS for the duration specified by max-age.

Typical syntax appears in the Strict-Transport-Security header, for example: Strict-Transport-Security: max-age=31536000; includeSubDomains. The optional preload directive

Impact and behavior: With includeSubDomains enabled, any subdomain added later must serve content exclusively over HTTPS.

Deployment considerations: Before enabling includeSubDomains, ensure that all subdomains support HTTPS and present valid certificates. This

Disabling: To revoke the policy, set max-age to 0 and remove includeSubDomains, then update all subdomains to