No-Encryption-Found/EN/Solution Tips: Difference between revisions

From Siwecos
 
Line 4: Line 4:
 
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate.
 
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate.
  
'''--snip'''<pre>
+
# Activate HTTP Strict Transport Security (HSTS)
# Activate HTTP Strict Transport Security (HSTS)
+
# Required: "max-age"
# Required: "max-age"
+
# Optional: "includeSubDomains"</pre>
# Optional: "includeSubDomains"</pre>
+
'''Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"'''
  '''Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"'''
 
'''--snap'''
 
  
 
Here is an example of an .htaccess file which will set the '''Header Scanner''' to green.
 
Here is an example of an .htaccess file which will set the '''Header Scanner''' to green.
 
([[Htaccess/EN|.htaccess example]])
 
([[Htaccess/EN|.htaccess example]])
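
Review bot: The closing `</pre>` sits on the `# Optional: "includeSubDomains"` line, so the `Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"` directive ends up outside the preformatted block, wrapped in `'''` bold markup and prefixed with a space. Move `</pre>` below the directive so the comments and the directive form one block that can be copied into an .htaccess file unchanged. It is also worth considering `Header always set` here: without `always`, mod_headers does not add the header to error responses and redirects that the server generates itself.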

Latest revision as of 11:14, 4 April 2019

If the connection to your page is not encrypted, all communication between your site and its users can be intercepted and manipulated.

max-age=63072000; includeSubdomains;

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate.

<pre>
# Activate HTTP Strict Transport Security (HSTS)
# Required: "max-age"
# Optional: "includeSubDomains"
Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"
</pre>

Here is an example of an .htaccess file which will set the Header Scanner to green. (.htaccess example)
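
To check that a deployed header matches the rule above ("max-age" required, "includeSubDomains" optional), the following added example, which is not part of the Siwecos page or scanner, parses a Strict-Transport-Security value following the RFC 6797 directive grammar. The function names `parse_hsts` and `audit` and the six-month `min_age` threshold are assumptions made for this illustration.

```python
import re

# directive = token [ "=" ( token | quoted-string ) ]  (RFC 6797, section 6.1)
_DIRECTIVE = re.compile(
    r'''^([-!#$%&'*+.^_`|~0-9A-Za-z]+)(?:\s*=\s*(?:"([^"]*)"|([^\s";]+)))?$''')

def parse_hsts(value):
    """Return (max_age, include_subdomains); raise ValueError if invalid."""
    seen = {}
    # Splitting on ";" is enough here: HSTS values never need ";" inside quotes.
    for part in value.split(";"):
        part = part.strip()
        if not part:                      # empty directives (trailing ";") are allowed
            continue
        m = _DIRECTIVE.match(part)
        if not m:
            raise ValueError(f"malformed directive: {part!r}")
        name = m.group(1).lower()         # directive names are case-insensitive
        if name in seen:                  # each directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        raise ValueError("max-age is required and must be a non-negative integer")
    if seen.get("includesubdomains") is not None:
        raise ValueError("includeSubDomains takes no value")
    return int(age), "includesubdomains" in seen

def audit(headers, min_age=15768000):     # assumed threshold: about six months
    """headers: (name, value) pairs from an HTTPS response. Returns findings."""
    values = [v for n, v in headers if n.lower() == "strict-transport-security"]
    if not values:
        return ["missing Strict-Transport-Security header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple HSTS headers; browsers process only the first")
    try:
        max_age, _subdomains = parse_hsts(values[0])
    except ValueError as exc:
        return findings + [f"invalid header: {exc}"]
    if max_age == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    elif max_age < min_age:
        findings.append(f"max-age={max_age} is below {min_age} seconds")
    return findings

# Constructed sample response headers, using the value from the snippet above.
sample = [("Strict-Transport-Security", "max-age=31556926; includeSubDomains")]
print(audit(sample))
```

Browsers only honour this header on responses delivered over HTTPS, so run the check against the HTTPS response rather than the plain-HTTP redirect.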