No-Encryption-Found/EN/Solution Tips

Aus Siwecos
Version vom 4. April 2019, 11:14 Uhr von Siwebot (Diskussion | Beiträge)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

If the connection to your page is not encrypted, all communication between your site and its users can be intercepted and manipulated.

max-age=63072000; includeSubdomains; HTTP Strict Transport Security (HSTS) is a web security policy mechanism that is easy to integrate.

# Activate HTTP Strict Transport Security (HSTS)
# Required: "max-age"

# Optional: "includeSubDomains"

Header set Strict-Transport-Security "max-age=31556926; includeSubDomains"

Here is an example of an .htaccess file which will set the Header Scanner to green. (.htaccess example)