No-Encryption-Found/EN/Solution Tips: Unterschied zwischen den Versionen
Zeile 1: | Zeile 1: | ||
+ | If the connection to your page is not encrypted, all communication between your site and its users can be intercepted and manipulated. | ||
+ | |||
max-age=63072000; includeSubdomains; | max-age=63072000; includeSubdomains; | ||
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate. | HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate. |
Version vom 3. April 2019, 16:05 Uhr
If the connection to your page is not encrypted, all communication between your site and its users can be intercepted and manipulated.
max-age=63072000; includeSubdomains; HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate.
--snip
# Activate HTTP Strict Transport Security (HSTS) # Required: "max-age" # Optional: "includeSubDomains"
Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"
--snap
Here is an example of an .htaccess file which will set the Header Scanner to green. (.htaccess example)