如何使用HTTP禁用HSTS标头? [英] How to disable HSTS header with HTTP?
本文介绍了如何使用HTTP禁用HSTS标头?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我已将以下内容插入到我网站的.htaccess中,以便加入 HSTS预加载列表:
I have inserted the following in the .htaccess of my site in order to be admitted to the HSTS preload list:
<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</ifModule>
问题在于,当我提交我的网站时,我获得:
The problem is that when I submit my site, I obtain:
警告:HTTP上不必要的HSTS标头。
的HTTP页面http://fabriziorocca.it发送HSTS标头。这对
HTTP没有影响,应该删除。
Warning: Unnecessary HSTS header over HTTP. The HTTP page at http: //fabriziorocca.it sends an HSTS header. This has no effect over HTTP, and should be removed.
目前我在.htaccess中使用以下内容为了从http切换到https:
At the moment I use the following in the .htaccess in order to switch from http to https:
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
如何解决问题?
提前谢谢。
推荐答案
在您的重定向规则下面添加代码:
Below your redirect rules add the code:
Header always set Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload" env=HTTPS
这篇关于如何使用HTTP禁用HSTS标头?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文