๐Ÿ”’
blog.cat.ssl

HSTS header: HTTPS'ni majburiy qilish

12.05.2025
โ† Barcha maqolalar

HSTS (HTTP Strict Transport Security) โ€” brauzer'ga 'Bu sayt har doim HTTPS' deydi. HTTP versiyaga kirish urinishlari avtomatik HTTPS'ga yo'naltiriladi.

Nima uchun kerak?

301 redirect HTTP โ†’ HTTPS yetarli emas. Foydalanuvchi http://sayt.uz yozsa โ€” brauzer HTTP versiyaga ulanadi (man-in-the-middle hujum mumkin), keyin HTTPS'ga o'tadi. HSTS โ€” bunday ulanishni butunlay oldini oladi.

Server javobi (HTTP header)

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

Parametrlar

max-age โ€” sekundlarda muddat. 31536000 = 1 yil. Brauzer shu davomida har doim HTTPS ishlatadi.
includeSubDomains โ€” subdomainlar uchun ham.
preload โ€” HSTS Preload List'ga qo'shilgan (eng kuchli).

HSTS Preload List

hstspreload.org โ€” Google ro'yxati. Sayt qo'shilgach Chrome, Firefox, Safari, Edge โ€” barcha brauzerlar HTTPS-only deb biladi. Birinchi tashrifda ham.

Apache

Header always set Strict-Transport-Security 'max-age=31536000; includeSubDomains'

Nginx

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;

Sayt.uz

Cabinet โ†’ SSL โ†’ HSTS โ€” yoqib qo'yish. Yoki .htaccess'ga qo'shish.

Diqqat

HSTS yoqilganidan keyin HTTP versiyaga qaytish murakkab. Brauzer cache'da saqlanadi. Test muhitda diqqat bilan ishlating.

Test

SSL Labs SSL Test โ€” HSTS yoqilganmi ko'rsatadi. securityheaders.com โ€” har header tahlil.

O'xshash maqolalar

๐Ÿ“ฑ SSL pinning: mobil ilovalarda MITM hujumlardan himoyaning eng samarali usuli ๐Ÿค SSL handshake jarayoni: TLS muloqotining ichki mexanikasi va bosqichlari ๐Ÿ”“ HTTPS yashil qulf yo'qoldi: sabablar ro'yxati va bosqichma-bosqich tuzatish โฐ SSL sertifikat muddatini kuzatish: monitoring tizimlari va ogohlantirish xizmatlari
๐ŸŒ Til
๐Ÿ‡บ๐Ÿ‡ฟ O'zbek โœ“ ๐Ÿ‡บ๐Ÿ‡ฟ ะŽะทะฑะตะบ ๐Ÿ‡ท๐Ÿ‡บ ะ ัƒััะบะธะน ๐Ÿ‡ฌ๐Ÿ‡ง English