戻る
-
タイトル
HTTP Strict-Transport-Security (HSTS) header not used -
説明
HTTP Strict-Transport-Security (HSTS) header not used -
対策
Ensure that all application communications occur over HTTPS
Enable HSTS header to ensure that browsers enforce HTTPS data transfers.
Configure HSTS on IIS 7/81. Run the IIS manager.2. Select your site.3. Select HTTP REsponse Headers.4. Click on Add in the Actions section.5. In the Add Custom HTTP Response Header dialog, add the following values: For Name: Strict-Transport-Security. For Value: max-age=15552001; includeSubDomains; preload"The HTTP Strict-Transport-Security response header (often abbreviated as HSTS) lets a web site tell browsers that it should only be accessed using HTTPS, instead of using HTTP. -
追加情報
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security