1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello,
I would suggest to introduce CloudFront and put the LB behind it. CloudFront allows you to set that header https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-http-security-headers/
Other benefits from CF is edge locations + low latency bare backbone AWS network, caching and last but not least could help in case of you are under DDoS attack.
답변함 일 년 전
As per the definition of HSTS, "HTTP Strict Transport Security (HSTS) is an HTTP header that notifies user agents to only connect to a given site over HTTPS, even if the scheme chosen was HTTP." I already redirect http request to https with 301 code in the ELB hence http is literally not possible. Isn't that suffice?
관련 콘텐츠
AWS 공식업데이트됨 일 년 전
There is a good answer for this on stackoverflow: https://stackoverflow.com/a/51906978/2430241