如何使用HTTP禁用HSTS标头？ [英] How to disable HSTS header with HTTP?

问题描述

我已将以下内容插入到我网站的.htaccess中，以便加入 HSTS预加载列表：

I have inserted the following in the .htaccess of my site in order to be admitted to the HSTS preload list:

<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"   
</ifModule>

问题在于，当我提交我的网站时，我获得：

The problem is that when I submit my site, I obtain:

警告：HTTP上不必要的HSTS标头。

的HTTP页面http：//fabriziorocca.it发送HSTS标头。这对
HTTP没有影响，应该删除。

Warning: Unnecessary HSTS header over HTTP. The HTTP page at http: //fabriziorocca.it sends an HSTS header. This has no effect over HTTP, and should be removed.

目前我在.htaccess中使用以下内容为了从http切换到https：

At the moment I use the following in the .htaccess in order to switch from http to https:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

如何解决问题？

提前谢谢。

推荐答案

在您的重定向规则下面添加代码：

Below your redirect rules add the code:

Header always set Strict-Transport-Security "max-age=31536000; 
includeSubDomains; preload" env=HTTPS

这篇关于如何使用HTTP禁用HSTS标头？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！