No-Encryption-Found/EN/Solution Tips

Aus Siwecos
Version vom 4. Juli 2018, 09:10 Uhr von Siwebot (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „max-age=63072000; includeSubdomains; HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate. '''--snip'''<pre>…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

max-age=63072000; includeSubdomains; HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate.

--snip

# Activate HTTP Strict Transport Security (HSTS)
# Required: „max-age“
# Optional: „includeSubDomains“
  Header set Strict-Transport-Security „max-age=31556926, includeSubDomains“

--snap

Here is an example of an .htaccess file which will set the HTTP-Security-Header-Scanner to green. (.htaccess-Beispiel)