Find centralized, trusted content and collaborate around the technologies you use most.
Teams
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Is there any way to use a Strict-Transport security header on a site but still have non-ssl sub-domains?
你可以只设置Strict-Transport-Security没有includeSubDomains. 例如,如果您设置Strict-Transport-Security: max-age=31536000为https://example.com,则浏览器不会对nonsslsub.example.com.
Strict-Transport-Security
includeSubDomains
Strict-Transport-Security: max-age=31536000
https://example.com
nonsslsub.example.com