步驟如下:
1.開啟 apache headers
sudo a2enmod headers
2.
設定 /etc/apache2/conf-available/security.conf ,加上 header 設定
語法基本如下: Strict-Transport-Security: max-age=Strict-Transport-Security: max-age= ; includeSubDomains Strict-Transport-Security: max-age= ; preload 可直接複製下面貼到security.conf: Header always set Strict-Transport-Security "max-age=31536000;includeSubdomains; preload"
3.重開apache
sudo service apache2 reload
參考文章:
[apache] apache 設定 HSTS ( HTTP Strict Transport Security )
