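Because this website uses HSTS: Enabling HSTS on the Server – HTTP Strict Transport Security – HTTPS Tutorial
阿新 • Published: 2020-12-15
Tech tags: because this website uses hsts
Enabling HSTS on the Server – HTTP Strict Transport Security – HTTPS Tutorial
HTTP Strict Transport Security (HSTS) is a security feature that lets a website tell browsers it may only be accessed over HTTPS, not over HTTP. This tutorial shows how to configure HSTS on your server.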
Apache
# The headers module must be loaded:
LoadModule headers_module modules/mod_headers.so

<VirtualHost *:443>
    Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains;"
    Header always set X-Frame-Options DENY
</VirtualHost>

# Port 80: 301 redirect to HTTPS
<VirtualHost *:80>
    [...]
    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        # R=301 makes the redirect permanent; without the flag mod_rewrite sends a 302
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    </IfModule>
</VirtualHost>
Nginx
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; ";
add_header X-Frame-Options "DENY";
Lighttpd
server.modules += ( "mod_setenv" )
$HTTP["scheme"] == "https" {
    # Both headers go in one list: lighttpd rejects a second assignment of the same option in one block
    setenv.add-response-header = (
        "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; ",
        "X-Frame-Options" => "DENY"
    )
}
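To check what a browser will actually store from the header these configurations emit, the following added example (not part of the original tutorial) parses a Strict-Transport-Security value according to the rules in RFC 6797. The function names and the sample responses are constructed for illustration.

```python
import re

# RFC 7230 "token" characters, used for directive names
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

def parse_hsts(value):
    """Return {'max_age', 'include_subdomains'}, or None when the header
    would be ignored (no valid max-age, bad name, duplicate directive)."""
    seen = {}
    for part in value.split(";"):  # simplification: no ';' inside quoted strings
        part = part.strip()
        if not part:               # empty directives (a trailing ';') are allowed
            continue
        name, sep, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if not TOKEN.fullmatch(name) or name in seen:
            return None                      # each directive may appear only once
        arg = arg.strip()
        if len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]                  # max-age may be a quoted-string
        seen[name] = arg if sep else None
    age = seen.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None                          # max-age is required
    return {"max_age": int(age), "include_subdomains": "includesubdomains" in seen}

def effective_policy(scheme, headers):
    """Policy stored for one response given (name, value) header pairs, or None."""
    if scheme != "https":
        return None                          # HSTS received over plain HTTP is ignored
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            return parse_hsts(value)         # only the first STS header is processed
    return None

# Constructed sample: the header value used in this tutorial's configurations
PAGE_VALUE = "max-age=63072000; includeSubdomains;"

if __name__ == "__main__":
    print(parse_hsts(PAGE_VALUE))
    # A duplicated header (e.g. set by both the application and the web server):
    dup = [("Strict-Transport-Security", "max-age=0"),
           ("Strict-Transport-Security", PAGE_VALUE)]
    print(effective_policy("https", dup))    # the first header wins: max-age=0
    print(effective_policy("http", dup))     # None: not sent over HTTPS
```

A `max_age` of 0 in the result means the browser drops any stored HSTS entry for the host, so a duplicated header with a stale value ahead of the intended one silently disables the policy.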