Enabling HSTS on DirectAdmin

For added security, you can tell all clients to always use https, even if there is an http link from somewhere. HSTS will silently change the request to use https without needing to be asked, so at no point is http ever used (except on the first attempt, where the browser is given the header, then never asks again). To set up HSTS, add this to your public_html/.htaccess file:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

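The above is the official DirectAdmin text. It means that adding the code above to the public_html/.htaccess file is all it takes. Once HSTS is enabled, you can no longer access the site over http.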

Note: This means you cannot connect to http again, even if you wanted to, so this usually only applies to sites that only ever use https, and never want http.
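
An added example, not from DirectAdmin or the original post: a Python check that parses a Strict-Transport-Security value following the RFC 6797 rules and audits a response for it, so you can confirm what the .htaccess line actually delivers. The function names, the sample responses and the use of the page's 31536000 as the minimum max-age are assumptions of this example.

```python
import re

# Directive grammar per RFC 6797 section 6.1: name [ "=" ( token | quoted-string ) ]
TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
DIRECTIVE = re.compile(r'(%s)(?:\s*=\s*("[^"]*"|%s))?' % (TOKEN, TOKEN))

def parse_hsts(value):
    """Return the parsed policy, or None if a browser would ignore the header."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (";;", trailing ";") are allowed
            continue
        m = DIRECTIVE.fullmatch(part)
        if not m or m.group(1).lower() in seen:   # bad syntax or a repeated directive
            return None
        seen[m.group(1).lower()] = (m.group(2) or "").strip('"')
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):   # max-age is required
        return None
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}

def audit(scheme, headers, min_age=31536000):
    """Findings for one response; min_age defaults to the page's value (an assumption)."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS over plain http; env=HTTPS keeps it off those responses.
        return ["header sent over http (ignored by browsers)"] if values else []
    if not values:
        return ["missing on https response"]
    policy = parse_hsts(values[0])        # only the first header field is processed
    if policy is None:
        return ["unparseable value: %r" % values[0]]
    if policy["max_age"] == 0:
        return ["max-age=0 tells the browser to drop its HSTS entry for the host"]
    if policy["max_age"] < min_age:
        return ["max-age %d is below %d" % (policy["max_age"], min_age)]
    return []

# Constructed sample responses (scheme, headers); not captured from a real server.
SAMPLES = {
    "page_config": ("https", [("Strict-Transport-Security", "max-age=31536000")]),
    "plain_http": ("http", [("Content-Type", "text/html")]),
    "no_env_guard": ("http", [("Strict-Transport-Security", "max-age=31536000")]),
    "duplicate": ("https", [("strict-transport-security", "max-age=300; max-age=31536000")]),
}

if __name__ == "__main__":
    for name, (scheme, headers) in SAMPLES.items():
        print(name, audit(scheme, headers) or "ok")
```

To check a live site, feed `audit` the scheme and header pairs from a real response to both the http and https URLs.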

 

About the Author

今生在线
