Tags: https, hsts

HSTS for domains that redirect to a different one


Sorry if this question has already been asked; I couldn't find a similar case.

So, we're about to implement HSTS for the domain, say, example.com. Said domain has a couple of different domains that redirect to it, domain1.com and domain2.com.

So:

If we were to enable HSTS for example.com, would it also need to be enabled for domain1.com and domain2.com, even though they just redirect to the main domain? (I'm assuming yes, but I'm not really sure about it.)

Also, we have another similar, related case, but this one is for a subdomain of example.com (which is going to have HSTS) that goes to a site that is non-HSTS.

For example: sub.example.com (where example.com has HSTS enabled, with the option "includeSubDomains") goes to https://www.another-site.com, which doesn't have HSTS enabled.

Would we have to enable HSTS for another-site.com? Would sub.example.com be affected by the HSTS of the core site?

Apologies if this sounds a little unorthodox; it's the first case I've ever faced.

Thanks for your attention and support!


Solution

  • HSTS only applies to the site being loaded.

    So if domain1.com redirects to example.com, and example.com has HSTS enabled on it, there is no requirement to have HSTS on domain1.com. Otherwise no site would ever be able to enable HSTS!

    Similarly, if sub.example.com (with HSTS) redirects to another-site.com, which doesn’t have HSTS, then that’s fine too.
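To make the answer's point concrete, here is an added example (not from the question or the answer) that models a browser's HSTS cache and traces the two redirect chains described above. The hostnames, header values and server responses are constructed for the walk-through; the cache logic follows the RFC 6797 rules (the header is only honoured over HTTPS, `includeSubDomains` extends an entry to child labels, `max-age=0` removes it).

```python
"""Toy model of a browser's HSTS store, used to trace the redirect chains
from the question. Added example: hostnames and responses are constructed."""
from urllib.parse import urlsplit, urlunsplit


class HstsStore:
    """Minimal emulation of the browser-side HSTS cache (RFC 6797 semantics)."""

    def __init__(self):
        self._entries = {}  # host -> (expiry in seconds, include_subdomains)

    def record_header(self, host, header_value, now):
        """Process a Strict-Transport-Security header received over HTTPS."""
        max_age, include_sub = None, False
        for directive in header_value.split(";"):
            name, _, value = directive.strip().partition("=")
            name = name.strip().lower()
            if name == "max-age":
                max_age = int(value.strip().strip('"'))
            elif name == "includesubdomains":
                include_sub = True
        if max_age is None:
            return  # a header without max-age is ignored by browsers
        host = host.lower()
        if max_age == 0:
            self._entries.pop(host, None)  # max-age=0 clears the entry
        else:
            self._entries[host] = (now + max_age, include_sub)

    def is_known_host(self, host, now):
        """True if host, or a parent marked includeSubDomains, has an unexpired entry."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            entry = self._entries.get(".".join(labels[i:]))
            if entry is None or entry[0] <= now:
                continue
            if i == 0 or entry[1]:  # exact match, or parent with includeSubDomains
                return True
        return False

    def rewrite(self, url, now):
        """Upgrade an http:// URL to https:// when the host is a known HSTS host."""
        p = urlsplit(url)
        if p.scheme == "http" and self.is_known_host(p.hostname, now):
            netloc = p.hostname if p.port in (None, 80) else f"{p.hostname}:{p.port}"
            return urlunsplit(("https", netloc, p.path, p.query, p.fragment))
        return url


# Constructed responses for the hosts in the question:
# url -> (status, Location header or None, Strict-Transport-Security header or None)
SERVERS = {
    "http://domain1.com/":           (301, "https://example.com/", None),
    "http://example.com/":           (301, "https://example.com/", None),
    "https://example.com/":          (200, None, "max-age=31536000; includeSubDomains"),
    "https://sub.example.com/":      (302, "https://www.another-site.com/", None),
    "https://www.another-site.com/": (200, None, None),
    "http://www.another-site.com/":  (200, None, None),
}


def fetch_chain(store, url, now):
    """Follow redirects like a browser, applying and recording HSTS on the way.
    Returns the list of URLs actually requested."""
    requested = []
    for _ in range(10):
        url = store.rewrite(url, now)  # HSTS upgrade happens before the request leaves
        requested.append(url)
        _status, location, hsts = SERVERS[url]
        if hsts is not None and url.startswith("https://"):
            store.record_header(urlsplit(url).hostname, hsts, now)
        if location is None:
            return requested
        url = location
    raise RuntimeError("too many redirects")


def trace_question(now=0):
    """Replay the scenarios from the question against a fresh HSTS store."""
    store = HstsStore()
    r = {}
    # The plain-http hop to domain1.com is not upgraded (no entry yet); the
    # redirect lands on example.com, whose header is recorded.
    r["first_visit"] = fetch_chain(store, "http://domain1.com/", now)
    # A later plain-http navigation to example.com is upgraded locally.
    r["example_later"] = fetch_chain(store, "http://example.com/", now)
    # includeSubDomains covers sub.example.com, so it is upgraded too ...
    r["sub_chain"] = fetch_chain(store, "http://sub.example.com/", now)
    # ... but the target of its redirect gains no HSTS entry of its own.
    r["another_site_http"] = fetch_chain(store, "http://www.another-site.com/", now)
    r["domain1_known"] = store.is_known_host("domain1.com", now)
    r["another_known"] = store.is_known_host("www.another-site.com", now)
    return r


if __name__ == "__main__":
    for name, value in trace_question().items():
        print(f"{name}: {value}")
```

The trace shows what the answer states: only the host that served the header (and, with `includeSubDomains`, its subdomains) ends up in the store, so neither domain1.com nor another-site.com is affected by example.com's policy. It also shows the one caveat worth knowing: the first plain-http request to domain1.com is still sent in the clear, because the browser has not yet seen an HSTS header from domain1.com itself; sites that want that hop covered as well send the header from domain1.com's own HTTPS redirect response.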