HTTP Strict Transport Security (HSTS) is a web security protocol promoted by the Institution of Electronics and Telecommunication Engineers (IETE). It forces the client (such as a browser) to use HTTPS when connecting to the server, which helps encrypt traffic across the whole website.
expireTime can range from 0 to 365 days and is configured in seconds.
The includeSubDomain parameter controls whether subdomain names are included.
Log in to the CDN Console, select Domain Management on the left sidebar, and click Manage to the right of the target domain name to access its configuration page. Then, click the Advanced Configuration tab. In the HTTPS Configuration section, you can see the HSTS configuration item, which is disabled by default:
Toggle the switch to enable this feature and configure it accordingly:
After you click OK, the response header value will be determined according to the configured content. You can click Edit to modify it:
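One way to confirm what the domain returns after saving these settings, as an added Python example that is not Tencent Cloud's code: it parses a Strict-Transport-Security value and compares it with the configured expireTime and includeSubDomain. It assumes those settings map to the RFC 6797 max-age and includeSubDomains directives; the function names and sample header values are constructed for illustration.

```python
# Added example: verify a Strict-Transport-Security header against the CDN settings.
# Assumption: expireTime maps to max-age and includeSubDomain to includeSubDomains
# (the RFC 6797 directive names).
MAX_EXPIRE = 365 * 24 * 3600  # upper bound given on the page: 365 days, in seconds


def parse_hsts(value):
    """Parse an HSTS header value into (max_age, include_subdomains)."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in seen:
            raise ValueError(f"duplicate directive: {name}")
        seen[name] = arg.strip().strip('"')  # max-age may be sent as a quoted string
    if "max-age" not in seen:
        raise ValueError("max-age is required")
    if not seen["max-age"].isdigit():
        raise ValueError("max-age must be a non-negative integer")
    return int(seen["max-age"]), "includesubdomains" in seen


def check_hsts(value, expire_time, include_subdomain):
    """Return a list of mismatches between the header and the configured values."""
    if not 0 <= expire_time <= MAX_EXPIRE:
        raise ValueError("expireTime must be between 0 and 365 days (in seconds)")
    try:
        max_age, subdomains = parse_hsts(value)
    except ValueError as exc:
        return [f"malformed header: {exc}"]
    findings = []
    if max_age != expire_time:
        findings.append(f"max-age is {max_age}, configured expireTime is {expire_time}")
    if subdomains != include_subdomain:
        findings.append(f"includeSubDomains present={subdomains}, configured={include_subdomain}")
    if max_age == 0:
        findings.append("max-age=0 tells browsers to drop the HSTS policy")
    return findings


# Constructed sample values, not taken from the page.
if __name__ == "__main__":
    print(check_hsts("max-age=31536000; includeSubDomains", 31536000, True))
    print(check_hsts("max-age=600", 31536000, True))
```

An empty list means the header matches the configuration; an expireTime of 0 is reported because browsers treat max-age=0 as an instruction to stop enforcing HSTS for the host.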
Suppose the HSTS configuration of the domain name cloud.tencent.com is as follows:
When accessed, its response header is: