Apache: Setting the Strict Transport Security header

The steps are as follows:

1. Enable the Apache headers module
sudo a2enmod headers

2. Edit /etc/apache2/conf-available/security.conf and add the header setting

The basic syntax is:
Strict-Transport-Security: max-age=
Strict-Transport-Security: max-age=; includeSubDomains
Strict-Transport-Security: max-age=; preload

You can copy the following line directly into security.conf:

Header always set Strict-Transport-Security "max-age=31536000;includeSubdomains; preload"

3. Reload Apache
sudo service apache2 reload
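
To confirm the result after the reload, the following added example (not part of the original post) parses a Strict-Transport-Security value and checks it against the preload-list criteria published by hstspreload.org: max-age of at least 31536000, includeSubDomains, and preload. The function names `hsts_from_headers` and `hsts_check` are hypothetical, and the sample response is constructed.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the original post).

# Extract the HSTS value from raw response headers, e.g. the output of `curl -sI`.
hsts_from_headers() {
    printf '%s\n' "$1" | tr -d '\r' |
        grep -i '^strict-transport-security:' | head -n 1 |
        sed 's/^[^:]*:[[:space:]]*//'
}

# Return 0 if the value meets the preload-list criteria, 1 if it is a valid
# policy that does not, 2 if max-age is missing or not a non-negative integer.
hsts_check() {
    max_age="" subdomains=no preload=no
    old_ifs=$IFS; IFS=';'; set -f        # split on ';' without globbing
    for part in $1; do
        # Directive names are case-insensitive; drop spaces, tabs and quotes.
        d=$(printf '%s' "$part" | tr -d ' \t"' | tr 'A-Z' 'a-z')
        case $d in
            max-age=*)         max_age=${d#max-age=} ;;
            includesubdomains) subdomains=yes ;;
            preload)           preload=yes ;;
        esac
    done
    set +f; IFS=$old_ifs
    case $max_age in
        ''|*[!0-9]*) echo "invalid: max-age missing or not a number"; return 2 ;;
    esac
    echo "max-age=$max_age includeSubDomains=$subdomains preload=$preload"
    if [ "$max_age" -ge 31536000 ] && [ "$subdomains" = yes ] && [ "$preload" = yes ]; then
        echo "ok: meets preload criteria"; return 0
    fi
    echo "warn: valid policy, but not preload-ready"; return 1
}

# Constructed sample response carrying the header line from step 2.
SAMPLE='HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000;includeSubdomains; preload
Content-Type: text/html'

hsts_check "$(hsts_from_headers "$SAMPLE")"
# Against a live site (placeholder host):
#   hsts_check "$(hsts_from_headers "$(curl -sI https://example.com/)")"
```

Browsers ignore this header on plain-HTTP responses, so run the live check against the HTTPS URL.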
