.htaccess – 如何使用HTTP禁用HSTS标头?

我已经在我的网站的.htaccess中插入以下内容以便被录取到
HSTS preload list

<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"   
</ifModule>

问题是,当我提交我的网站时,我获得:

Warning: Unnecessary HSTS header over HTTP.
The HTTP page at
http: //fabriziorocca.it sends an HSTS header. This has no effect over
HTTP, and should be removed.

目前我在.htaccess中使用以下内容以便从http切换到https:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

我该如何解决这个问题?

先感谢您.

最佳答案 试试:

<ifModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" "expr=%{HTTPS} == on"
</ifModule>

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
点赞