How to enable HSTS on the Apache2 web server

HTTP Strict Transport Security (HSTS) is a security policy that helps prevent protocol downgrade attacks and cookie hijacking.
Once configured, the web server instructs web browsers to connect strictly over HTTPS and never over the insecure HTTP protocol.

Step 1: Enable the Apache2 headers module

To enable the Apache2 headers module on an Ubuntu system, run the following command:

sudo a2enmod headers

Step 2: Enable HSTS for Apache2

After enabling the Apache2 headers module, open the VirtualHost file of your website and add the following line.
The line must be placed between <VirtualHost *:443> and </VirtualHost>, i.e. inside the HTTPS virtual host, since browsers only honour the header when it is received over HTTPS:

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
<VirtualHost *:443>
       # The ServerName directive sets the request scheme, hostname and port
       # the server uses to identify itself. This is used when creating
       # redirection URLs. In the context of virtual hosts, the ServerName
       # specifies what hostname must appear in the request's Host: header to
       # match this virtual host. For the default virtual host (this file) this
       # value is not decisive as it is used as a last resort host regardless.
       # However, you must set it for any further virtual host explicitly.
       Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>

On Ubuntu systems the default SSL site file is /etc/apache2/sites-enabled/000-default-ssl.conf

Redirect all traffic on HTTP to HTTPS.
This is required if we want HSTS to work correctly with Apache2: the header is only sent (and only honoured) over HTTPS, so clients arriving over plain HTTP must first be redirected.

<VirtualHost *:80>
       # ... (existing directives of the site) ...
       # Requires mod_rewrite; enable it with: sudo a2enmod rewrite
       RewriteEngine on
       RewriteCond %{SERVER_NAME} =www.example.com [OR]
       RewriteCond %{SERVER_NAME} =example.com
       RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

Save the file and you are done.

Restart the Apache2 web server:

sudo systemctl restart apache2.service
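After the restart, verify the policy the server actually sends rather than assuming the directive took effect. The Python script below is an added example, not code from the original article: it parses a Strict-Transport-Security header value following the directive syntax of RFC 6797 and flags the mistakes that most often make a policy ineffective. The header values used for the demo are constructed, and the function names are this example's own. Feed it the headers you get from `curl -sI https://your-site/`.

```python
"""Check an HSTS policy the way a browser reads it (added example)."""
import re

ONE_YEAR = 31536000  # seconds; the max-age used in the article's directive


def parse_hsts(value: str) -> dict:
    """Split a Strict-Transport-Security value into its directives.

    Directive names are case-insensitive; unknown directives are ignored.
    max-age must be a non-negative integer (optionally quoted). If a
    directive repeats, this parser keeps the first occurrence.
    """
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age" and re.fullmatch(r"\d+", arg):
            if policy["max_age"] is None:
                policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_findings(headers: dict, min_age: int = ONE_YEAR) -> list:
    """Return the problems found in a response's HSTS policy (empty = OK).

    `headers` maps response header names to values; lookup is case-insensitive.
    """
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no Strict-Transport-Security header: browsers will not pin HTTPS"]
    policy = parse_hsts(value)
    problems = []
    if policy["max_age"] is None:
        problems.append("missing or malformed max-age: header is ignored by browsers")
    elif policy["max_age"] == 0:
        problems.append("max-age=0 clears the policy instead of enforcing it")
    elif policy["max_age"] < min_age:
        problems.append(f"max-age {policy['max_age']} is below the recommended {min_age}")
    if not policy["include_subdomains"]:
        problems.append("includeSubDomains not set: subdomains can still be reached over HTTP")
    return problems


if __name__ == "__main__":
    # Constructed sample: the header the article's directive produces.
    sample = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
    print(hsts_findings(sample) or ["HSTS policy OK"])
```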

Date: 2020-07-07 20:57:15 Source: oir Author: oir