我加入HSTS头时得到这个警告的萤火。

I am getting this warning in firebug when adding HSTS header.

The site specified an invalid Strict-Transport-Security header.

这是我的htaccess

here is my htaccess

<IfModule mod_headers.c>
    Header append X-FRAME-OPTIONS: SAMEORIGIN
    Header append Strict-Transport-Security: 'max-age=31536000; includeSubDomains'
</IfModule>

当我删除我得到内部服务器错误的值引号。 网站通过HTTPS提供服务，从HTTP重定向到https从Apache的网站文件中设置。 SSL证书是自签名的，如果它很重要。

When I remove quotes from the value I get Internal Server Error. Website is being served through https, redirect from http to https is set from apache's site file. SSL certificate is self-signed, if it matters.

模头已启用。林在Debian 7，Apache 2.2的。

mod headers is enabled. Im on debian 7, apache 2.2.

感谢

推荐答案

由于在评论中提到，同样在我的情况，我建立了网站与信任的SSL证书问题就消失了主域名@jhutar。因此，萤火虫是表示只对错误的自签名（和/或不信任）的SSL证书。

As @jhutar mentioned in comments, similarly in my case as I set up the site on the main domain with trusted SSL certificate the problem disappeared. So, the firebug is showing that error only for self-signed(and/or not-trusted) SSL certificates.