For added security, you can tell all clients to always use https, even if there is an http link from somewhere. HSTS will silently change the request to use https without needing to be asked, so at no point is http ever used (except on the first attempt, where the browser is given the header, then never asks again). To set up HSTS, add this to your public_html/.htaccess file:
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
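The above is the original text from the official DA documentation. It means that adding the line above to the public_html/.htaccess file is all that is needed. Once HSTS is enabled, you can no longer access the site over http.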
Note: This means you cannot connect to http again, even if you wanted to,
so this usually only applies to sites that only ever use https, and never want http.
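
A check for the header configured above, as an added example that is not part of the original page or the DA documentation: it parses a Strict-Transport-Security value the way RFC 6797 tells browsers to, and shows that a policy is stored only when the response arrives over https, which is why the directive carries env=HTTPS. The function names and the sample responses are constructed for illustration.

```python
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # HTTP token characters

def parse_hsts(value):
    """Parse an HSTS header value (RFC 6797 section 6.1).
    Returns a dict of directives, or None if a browser must ignore it."""
    directives = {}
    # Split on ';' but keep quoted-strings intact.
    for part in re.findall(r'(?:[^;"]|"[^"]*")+', value):
        part = part.strip()
        if not part:
            continue  # empty directives are allowed by the grammar
        name, sep, val = part.partition("=")
        name, val = name.strip().lower(), val.strip()  # names are case-insensitive
        if not TOKEN.match(name) or name in directives:
            return None  # malformed name, or a directive given twice
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted form, e.g. max-age="31536000"
        directives[name] = val if sep else True
    age = directives.get("max-age")
    if not isinstance(age, str) or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives

def hsts_policy(scheme, headers):
    """Return the policy a browser would store for one response, or None."""
    if scheme != "https":
        return None  # a header received over plain http is ignored
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return None
    policy = parse_hsts(values[0])  # only the first header field is processed
    if policy is None or policy["max-age"] == 0:
        return None  # max-age=0 makes the browser forget the host
    return policy

if __name__ == "__main__":
    # Constructed responses using the header value from the .htaccess line above.
    hdr = [("Strict-Transport-Security", "max-age=31536000")]
    for scheme in ("http", "https"):
        print(scheme, "->", hsts_policy(scheme, hdr))
```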