1 Antwort
- Neueste
- Die meisten Stimmen
- Die meisten Kommentare
0
Hello,
I would suggest to introduce CloudFront and put the LB behind it. CloudFront allows you to set that header https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-http-security-headers/
Other benefits from CF is edge locations + low latency bare backbone AWS network, caching and last but not least could help in case of you are under DDoS attack.
beantwortet vor einem Jahr
As per the definition of HSTS, "HTTP Strict Transport Security (HSTS) is an HTTP header that notifies user agents to only connect to a given site over HTTPS, even if the scheme chosen was HTTP." I already redirect http request to https with 301 code in the ELB hence http is literally not possible. Isn't that suffice?
Relevanter Inhalt
- AWS OFFICIALAktualisiert vor 6 Monaten
- AWS OFFICIALAktualisiert vor einem Jahr
There is a good answer for this on stackoverflow: https://stackoverflow.com/a/51906978/2430241