ssl - Is there anyway I can use Strict-Transport security

Question

Is there any way to use a Strict-Transport security header on a site but still have non-ssl sub-domains?

Answer 1

你可以只设置Strict-Transport-Security没有includeSubDomains. 例如，如果您设置Strict-Transport-Security: max-age=31536000为https://example.com，则浏览器不会对nonsslsub.example.com.