Websites using HSTs protocol will ensure that the browser is always connected to the HTTPS encrypted version of the website, and users do not need to manually enter the encrypted address in the URL address bar. The protocol will help the website adopt global encryption, and what users see is the secure version of the website. The role of HSTs is to force clients (such as browsers) to create a connection with the server using HTTPS.

服務(wù)器開啟HSTS的方法是，當(dāng)客戶端通過HTTPS發(fā)出請求時，在服務(wù)器返回的超文本傳輸協(xié)議響應(yīng)頭中包含Strict-Transport-Security字段。非加密傳輸時設(shè)置的HSTS字段無效。

The server enables HSTs by including the strict transport security field in the hypertext transport protocol response header returned by the server when the client sends a request through HTTPS. Invalid HSTs field set for non encrypted transmission.

但有一點(diǎn)需要注意，Strict-Transport-Security中的max-age的時間不能小于15552000。

However, it should be noted that the time of Max age in strict transport security cannot be less than 15552000.

對于Windows server服務(wù)器，打開網(wǎng)站目錄下的 web.config 這個文件，在相應(yīng)的位置添加上針對 https 響應(yīng)的 url 重寫規(guī)則（黑體部分），并保存。

For a Windows server server, open the web.com under the web site directory Config file, Add URL rewriting rules for HTTPS response (in BOLD) at the corresponding location, and save it.

開啟了HSTS后，你部署SSL/TLS的服務(wù)檢測得分就可能是A+以上了。這時候就可以加入HSTS Preload List。

After HSTs is enabled, your service detection score for deploying SSL / TLS may be above a +. At this time, you can add HSTs preload list.

HSTS preload list是Chrome瀏覽器中的HSTS預(yù)載入列表，在該列表中的網(wǎng)站，使用Chrome瀏覽器訪問時，會自動轉(zhuǎn)換成HTTPS。Firefox、Safari、Edge瀏覽器也在采用這個列表。

HSTs preload list is the HSTs preload list in Chrome browser. Websites in this list will be automatically converted to HTTPS when accessed with Chrome browser. Firefox, Safari and edge browsers are also using this list.

進(jìn)入hstspreload官網(wǎng)，輸入你的域名，然后檢測結(jié)果會告訴是否符合加入HSTS Preload List，沒有問題的話勾選確定。

Enter the hstspreload official website, enter your domain name, and then the test results will tell whether it is qualified to join the HSTs preload list. If there is no problem, check OK.

當(dāng)然，加入到了HSTS Preload List后，你可能還需要等待1-2月，待新版本的Chrome和Chromium、Firefox、IE等發(fā)布后，你的域名算是正式被各大瀏覽器承認(rèn)并強(qiáng)制使用Https訪問了。

Of course, after joining the HSTs preload list, you may have to wait from January to February. After the release of the new version of chrome, chromium, Firefox and ie, your domain name is officially recognized by major browsers and accessed by HTTPS.