I set the headers in netlify.toml file to enable HSTS as shown in the link HTTPS (SSL) | Netlify Docs
for = “/*”
Testing = “MP”
Strict-Transport-Security = “max-age=63072000; includeSubDomains; preload”
StrictTransportSecurity = “max-age=63072000; includeSubDomains; preload”
And I’ve also given additional custom headers just to check whether custom headers are actually being added by Netlify or not. But Netlify is adding all the custom headers except the required one i.e. Strict-Transport-Security = “max-age=63072000; includeSubDomains; preload”, I’m not sure why it’s omitting the HSTS custom header in the deployment post-processing. I tested the same by creating a dummy site with the same netlify.toml config, it’s working over there. This is the dummy site https://custom-headers-test.netlify.app/ where HSTS custom header working just fine. I have no clue why the HSTS custom header getting omitted in my case for the site granica.ai.
I’m looking for help over here.