我正在尝试将 Strict-Transport-Security 标头添加到我的网络根目录中的.htaccess文件中。添加并重新加载我的网站后,我无法在响应标头中看到它。为了记录,我的重写是有效的。只是不确定为什么标题不是..如果重要,我通过GoDaddy使用VPS。难道我做错了什么?这是我的 .htaccess :
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
<IfModule mime_module>
AddType application/x-httpd-ea-php70 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Options -Indexes
答案 0 :(得分:0)
尝试使用expressions:
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"