I need to update my Strict-transport-security headers with maxage, includeSubdomains and preload. Can you do this without Shopify Plus?
Topic summary
A user needs to modify their Strict-Transport-Security (HSTS) headers to include specific directives: max-age, includeSubdomains, and preload. They’re asking whether this is possible without a Shopify Plus subscription.
Current Status:
- Initial response suggested contacting Shopify support directly for security-related modifications
- User reports that Shopify support redirected them back to the community forum
Key Question:
Whether non-Plus merchants can customize HTTP security headers on Shopify stores remains unanswered. The discussion appears ongoing with no resolution yet provided.
Hi @kcampbellreman , thanks for reaching out.
I checked your issue and would like to inform you that for security concerns, I recommend you contact the Shopify support team directly. They can provide you with more details on Shopify’s security policies and whether any adjustments can be made for your store.
Thanks for your understanding in this matter and I hope my information is helpful to you.
Liz
Thank you for responding. I contacted Shopify support and they directed me to the community.