1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hello,
I would suggest to introduce CloudFront and put the LB behind it. CloudFront allows you to set that header https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-http-security-headers/
Other benefits from CF is edge locations + low latency bare backbone AWS network, caching and last but not least could help in case of you are under DDoS attack.
répondu il y a un an
As per the definition of HSTS, "HTTP Strict Transport Security (HSTS) is an HTTP header that notifies user agents to only connect to a given site over HTTPS, even if the scheme chosen was HTTP." I already redirect http request to https with 301 code in the ELB hence http is literally not possible. Isn't that suffice?
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 6 mois
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 2 ans
There is a good answer for this on stackoverflow: https://stackoverflow.com/a/51906978/2430241