{"id":24441,"date":"2019-03-01T06:55:56","date_gmt":"2019-03-01T05:55:56","guid":{"rendered":"https:\/\/kinsta.com\/?post_type=knowledgebase&#038;p=7833"},"modified":"2025-10-01T20:53:30","modified_gmt":"2025-10-01T19:53:30","slug":"hsts-strict-transport-security","status":"publish","type":"post","link":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/","title":{"rendered":"HSTS &#8211; How to Use HTTP Strict Transport Security"},"content":{"rendered":"<p>Making sure security is correctly configured for your WordPress site is very important, especially when it comes to protecting yourself against hackers. There are many different enhancements and <a href=\"https:\/\/kinsta.com\/fr\/blog\/securite-wordpress\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress security best practices<\/a> you can implement to ensure your site is locked down. 
If your WordPress site runs over HTTPS, one of the enhancements we recommend implementing is the HSTS security header, as it can help prevent \u201cman-in-the-middle\u201d (MitM) attacks and cookie hijacking.<\/p>\n<ul>\n<li><a href=\"#hsts-strict-transport-security\">HSTS (Strict Transport Security)<\/a><\/li>\n<li><a href=\"#add-hsts-wordpress\">How to Add HSTS to Your WordPress Site<\/a><\/li>\n<li><a href=\"#verify-hsts-header\">Verify the HSTS Header<\/a><\/li>\n<li><a href=\"#hsts-seo\">HSTS Impact on SEO<\/a><\/li>\n<\/ul>\n<h2 id=\"hsts-strict-transport-security\">What Is HSTS (Strict Transport Security)?<\/h2>\n<p>HSTS stands for <a href=\"https:\/\/en.wikipedia.org\/wiki\/HTTP_Strict_Transport_Security\" target=\"_blank\" rel=\"noopener noreferrer\">HTTP Strict Transport Security<\/a> and was specified by the IETF in <a href=\"https:\/\/tools.ietf.org\/html\/rfc6797\" target=\"_blank\" rel=\"noopener noreferrer\">RFC 6797<\/a> in 2012. It was created to <strong>force the browser to use secure connections<\/strong> when a site runs over HTTPS. It is a security header that you add to your web server, and it appears in the response headers as Strict-Transport-Security. HSTS is important because it addresses the following issues:<\/p>\n<ul>\n<li>Any attempt by visitors to use the insecure version (HTTP:\/\/) of a page on your site is automatically forwarded to the secure version (HTTPS:\/\/).<\/li>\n<li>Old HTTP bookmarks and people typing the HTTP version of your site open you up to \u201cman-in-the-middle\u201d attacks. 
These are attacks in which the attacker alters the communication between the parties and makes them believe they are still communicating with each other.<\/li>\n<li>It does not allow the invalid certificate message to be overridden, which in turn actually protects the visitor.<\/li>\n<li>Cookie hijacking: this can happen when someone steals a session cookie over an insecure connection. Cookies can contain all kinds of valuable information such as credit card information, names, addresses, etc.<\/li>\n<\/ul>\n<h2 id=\"add-hsts-wordpress\">How to Add HSTS to Your WordPress Site<\/h2>\n<p>Technically, you add HSTS to the web server itself, which then applies it to HTTP requests to your WordPress site. Typically, a 301 redirect is added when <a href=\"https:\/\/kinsta.com\/fr\/blog\/rediriger-http-vers-https\/\" target=\"_blank\" rel=\"noopener noreferrer\">redirecting from HTTP to HTTPS<\/a>. Google has officially said that you can use 301 server redirects and the HSTS header together.<\/p>\n<blockquote style=\"margin-left: 30px;font-size: 17px\"><p>Although our systems prefer the HTTPS version by default, you can also make this clearer for other search engines by redirecting your HTTP site to your HTTPS version and by implementing the HSTS header on your server.\u00a0<a href=\"https:\/\/webmasters.googleblog.com\/2015\/12\/indexing-https-pages-by-default.html\" target=\"_blank\" rel=\"noopener noreferrer\">Zineb Ait Bahajji<\/a>, Google security team<\/p><\/blockquote>\n<p>There are different types of directives, or levels of security, that can be applied to the HSTS header. 
Below is the most basic one, which uses the max-age directive. It defines the time in seconds for which the web server should deliver only over HTTPS.<\/p>\n<p><strong>Enable HSTS in Apache<\/strong><\/p>\n<p>Add the following code to your virtual host file.<\/p>\n<pre><code class=\"language-php\">Header always set Strict-Transport-Security max-age=31536000<\/code><\/pre>\n<p><strong>Enable HSTS in NGINX<\/strong><\/p>\n<p>Add the following code to your NGINX configuration.<\/p>\n<pre><code class=\"language-php\">add_header Strict-Transport-Security \"max-age=31536000\";<\/code><\/pre>\n<p>If you are a Kinsta customer and want to add the HSTS header to your WordPress site, you can open a <a href=\"https:\/\/kinsta.com\/fr\/docs\/support\/contacter-support\/\" target=\"_blank\" rel=\"noopener noreferrer\">support ticket<\/a> and we can quickly add it for you. There are in fact performance benefits to adding the HSTS header. If someone tries to visit your site over HTTP, instead of making an HTTP request, they are simply redirected to the HTTPS version.<\/p>\n<h3>HSTS Preloading<\/h3>\n<p>There is also HSTS preloading. This essentially means getting your website and\/or domain onto an approved HSTS list that is actually built into the browser. Google officially compiles this list, and it is used by Chrome, Firefox, Opera, Safari, IE11 and Edge. 
Submit your site to the <a href=\"https:\/\/hstspreload.appspot.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">official HSTS preload list<\/a>.<\/p>\n<figure style=\"width: 1548px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2016\/11\/prechargement-hsts.png\" alt=\"HSTS preloading\" width=\"1548\" height=\"1488\"><figcaption class=\"wp-caption-text\">HSTS preloading<\/figcaption><\/figure>\n<p>However, you must meet some additional requirements to be eligible.<\/p>\n<ol>\n<li>The server must have a valid SSL\/TLS certificate (<a href=\"https:\/\/kinsta.com\/fr\/blog\/tls-vs-ssl\/\">TLS vs SSL: What&rsquo;s the Difference?<\/a>).<\/li>\n<li>Redirect all traffic to HTTPS.<\/li>\n<li>Serve HSTS on the base domain.<\/li>\n<li>Serve all subdomains over HTTPS, specifically the www subdomain if it exists.<\/li>\n<li>The expiry must be at least 1 year (31536000 seconds).<\/li>\n<li>The includeSubDomains token must be specified.<\/li>\n<li>The preload token must be specified.<\/li>\n<\/ol>\n<p>To do this, you need to add the additional subdomain and preload directives to your HSTS header. 
Here is an example of the updated HSTS header.<\/p>\n<pre><code class=\"language-php\">add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\";<\/code><\/pre>\n<p><strong>Warning:<\/strong> It can be difficult and time-consuming to remove your domain from the preload list, so make sure you are going to use HTTPS for the long term.<\/p>\n<h2 id=\"verify-hsts-header\">Verify the HSTS Header<\/h2>\n<p>There are a few easy ways to check whether HSTS is working on your WordPress site. You can launch Google Chrome DevTools, click the \u201cNetwork\u201d tab and look at the headers tab. As you can see below on our Kinsta website, the HSTS value \u201cstrict-transport-security: max-age=31536000\u201d is applied.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2016\/11\/reponse-http-de-securite-de-transport-strict.png\" alt=\"strict transport security http response\" width=\"1462\" height=\"710\"><\/p>\n<p>You can also scan your WordPress site with a free online tool like <a href=\"https:\/\/securityheaders.io\/?q=securityheaders.io&#038;followRedirects=on\" target=\"_blank\" rel=\"noopener noreferrer\">securityheaders.io<\/a>, which will tell you whether or not the Strict-Transport-Security header is applied.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full \" src=\"https:\/\/kinsta.com\/wp-content\/uploads\/2016\/11\/scan-security-headers.png\" alt=\"scan security headers\" width=\"1415\" height=\"565\"><\/p>\n<h3>Browser Support for HSTS<\/h3>\n<p>According to Caniuse, <a href=\"http:\/\/caniuse.com\/#search=hsts\" target=\"_blank\" rel=\"noopener noreferrer\">browser support for HSTS<\/a> is very strong (over 80% globally and over 95% in the United States). 
HSTS support in IE11 was added in 2015, and currently the only modern browser that does not support it is Opera Mini.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2016\/11\/support-du-navigateur-hsts.png\" alt=\"hsts browser support\" width=\"1465\" height=\"829\"><\/p>\n<p>We also recommend reading this article by Tim Kadlec on <a href=\"https:\/\/timkadlec.com\/2016\/01\/hsts-and-lets-encrypt\/\" target=\"_blank\" rel=\"noopener noreferrer\">HSTS and Let&rsquo;s Encrypt<\/a>.<\/p>\n<h2 id=\"hsts-seo\">HSTS Impact on SEO<\/h2>\n<p>Once your website is approved and included in the HSTS preload list, you might notice warnings from <a href=\"https:\/\/kinsta.com\/fr\/blog\/google-search-console\/\">Google Search Console<\/a> or other third-party SEO tools about <a href=\"https:\/\/kinsta.com\/fr\/blog\/redirection-307\/\">307 redirects<\/a>. 
This is because when someone tries to visit your site over HTTP, a 307 redirect now happens in the browser instead of a 301 redirect (as seen below).<\/p>\n<figure style=\"width: 1588px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2016\/11\/hsts-Strict-Transport-Security-redirection.png\" alt=\"HSTS \u2013 Strict-Transport-Security \u2013 307 redirect\" width=\"1588\" height=\"540\"><figcaption class=\"wp-caption-text\">HSTS \u2013 Strict-Transport-Security \u2013 307 redirect<\/figcaption><\/figure>\n<p>Typically, a 307 redirect is used only for temporary redirects. A 301 redirect is used for URLs that have moved permanently. Shouldn&rsquo;t it use a 301 redirect? And what about the SEO ramifications of this?<\/p>\n<p>Well, in fact, a 301 redirect is still there behind the scenes. The 307 redirect happens at the browser level, not at the server level. You can run the site through a tool that checks the redirect at the server level, such as <a href=\"https:\/\/httpstatus.io\/\" target=\"_blank\" rel=\"noopener noreferrer\">httpstatus<\/a>, and you will see that a 301 redirect is in fact still in place. 
Therefore, you do not need to worry about the HSTS header affecting your SEO.<\/p>\n<figure style=\"width: 1878px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2016\/11\/redirection-301-du-hsts.png\" alt=\"HSTS 301 redirect\" width=\"1878\" height=\"1064\"><figcaption class=\"wp-caption-text\">HSTS 301 redirect<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Making sure security is correctly configured for your WordPress site is very important, especially when it comes to protecting yourself against hackers. There are &#8230;<\/p>\n","protected":false},"author":38,"featured_media":24449,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kinsta_gated_content":false,"_kinsta_gated_content_redirect":"","footnotes":""},"tags":[32,33],"topic":[1036],"class_list":["post-24441","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-securite-web","tag-wordpress","topic-securite-wordpress"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.6 (Yoast SEO v24.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>HSTS - Comment utiliser le HTTP Strict Transport Security<\/title>\n<meta name=\"description\" content=\"L&#039;impl\u00e9mentation de l&#039;en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" 
\/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HSTS - Comment utiliser HTTP Strict Transport Security\" \/>\n<meta property=\"og:description\" content=\"L&#039;impl\u00e9mentation de l&#039;en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Kinsta\u00ae\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/kinstafrance\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/fm.brianleejackson\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-01T05:55:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-10-01T19:53:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1460\" \/>\n\t<meta property=\"og:image:height\" content=\"730\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Brian Jackson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"L&#039;impl\u00e9mentation de l&#039;en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png\" \/>\n<meta name=\"twitter:creator\" content=\"@brianleejackson\" \/>\n<meta name=\"twitter:site\" content=\"@kinsta_fr\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta 
name=\"twitter:data1\" content=\"Brian Jackson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\"},\"author\":{\"name\":\"Brian Jackson\",\"@id\":\"https:\/\/kinsta.com\/fr\/#\/schema\/person\/079824c00ccc2b7141504f27ea63bef7\"},\"headline\":\"HSTS &#8211; Comment utiliser HTTP Strict Transport Security\",\"datePublished\":\"2019-03-01T05:55:56+00:00\",\"dateModified\":\"2025-10-01T19:53:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\"},\"wordCount\":1248,\"publisher\":{\"@id\":\"https:\/\/kinsta.com\/fr\/#organization\"},\"image\":{\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png\",\"keywords\":[\"securit\u00e9 web\",\"WordPress\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\",\"url\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\",\"name\":\"HSTS - Comment utiliser le HTTP Strict Transport 
Security\",\"isPartOf\":{\"@id\":\"https:\/\/kinsta.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png\",\"datePublished\":\"2019-03-01T05:55:56+00:00\",\"dateModified\":\"2025-10-01T19:53:30+00:00\",\"description\":\"L'impl\u00e9mentation de l'en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.\",\"breadcrumb\":{\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage\",\"url\":\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png\",\"contentUrl\":\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png\",\"width\":1460,\"height\":730,\"caption\":\"HTTP Strict Transport Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/kinsta.com\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"S\u00e9curit\u00e9 WordPress\",\"item\":\"https:\/\/kinsta.com\/fr\/sujets\/securite-wordpress\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"HSTS &#8211; Comment utiliser HTTP Strict Transport 
Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kinsta.com\/fr\/#website\",\"url\":\"https:\/\/kinsta.com\/fr\/\",\"name\":\"Kinsta\u00ae\",\"description\":\"Solutions d&#039;h\u00e9bergement premium, rapides et s\u00e9curis\u00e9es\",\"publisher\":{\"@id\":\"https:\/\/kinsta.com\/fr\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kinsta.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kinsta.com\/fr\/#organization\",\"name\":\"Kinsta\",\"url\":\"https:\/\/kinsta.com\/fr\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/kinsta.com\/fr\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2023\/12\/kinsta-logo.jpeg\",\"contentUrl\":\"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2023\/12\/kinsta-logo.jpeg\",\"width\":500,\"height\":500,\"caption\":\"Kinsta\"},\"image\":{\"@id\":\"https:\/\/kinsta.com\/fr\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/kinstafrance\/\",\"https:\/\/x.com\/kinsta_fr\",\"https:\/\/www.instagram.com\/kinstahosting\/\",\"https:\/\/www.linkedin.com\/company\/kinsta\/\",\"https:\/\/www.pinterest.com\/kinstahosting\/\",\"https:\/\/www.youtube.com\/c\/Kinsta\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kinsta.com\/fr\/#\/schema\/person\/079824c00ccc2b7141504f27ea63bef7\",\"name\":\"Brian Jackson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/kinsta.com\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/79623d815f4ed4c8c2457392d728cb16?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/79623d815f4ed4c8c2457392d728cb16?s=96&d=mm&r=g\",\"caption\":\"Brian 
Jackson\"},\"description\":\"Brian has a huge passion for WordPress, has been using it for over a decade, and even develops a couple of premium plugins. Brian enjoys blogging, movies, and hiking. Connect with Brian on Twitter.\",\"sameAs\":[\"https:\/\/www.facebook.com\/fm.brianleejackson\",\"https:\/\/www.linkedin.com\/in\/brianleejackson\",\"https:\/\/x.com\/brianleejackson\"],\"url\":\"https:\/\/kinsta.com\/fr\/blog\/author\/brianjackson\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"HSTS - Comment utiliser le HTTP Strict Transport Security","description":"L'impl\u00e9mentation de l'en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/","og_locale":"fr_FR","og_type":"article","og_title":"HSTS - Comment utiliser HTTP Strict Transport Security","og_description":"L'impl\u00e9mentation de l'en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.","og_url":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/","og_site_name":"Kinsta\u00ae","article_publisher":"https:\/\/www.facebook.com\/kinstafrance\/","article_author":"https:\/\/www.facebook.com\/fm.brianleejackson","article_published_time":"2019-03-01T05:55:56+00:00","article_modified_time":"2025-10-01T19:53:30+00:00","og_image":[{"width":1460,"height":730,"url":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png","type":"image\/png"}],"author":"Brian Jackson","twitter_card":"summary_large_image","twitter_description":"L'impl\u00e9mentation de 
l'en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.","twitter_image":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png","twitter_creator":"@brianleejackson","twitter_site":"@kinsta_fr","twitter_misc":{"\u00c9crit par":"Brian Jackson","Dur\u00e9e de lecture estim\u00e9e":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#article","isPartOf":{"@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/"},"author":{"name":"Brian Jackson","@id":"https:\/\/kinsta.com\/fr\/#\/schema\/person\/079824c00ccc2b7141504f27ea63bef7"},"headline":"HSTS &#8211; Comment utiliser HTTP Strict Transport Security","datePublished":"2019-03-01T05:55:56+00:00","dateModified":"2025-10-01T19:53:30+00:00","mainEntityOfPage":{"@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/"},"wordCount":1248,"publisher":{"@id":"https:\/\/kinsta.com\/fr\/#organization"},"image":{"@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage"},"thumbnailUrl":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png","keywords":["securit\u00e9 web","WordPress"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/","url":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/","name":"HSTS - Comment utiliser le HTTP Strict Transport 
Security","isPartOf":{"@id":"https:\/\/kinsta.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage"},"image":{"@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage"},"thumbnailUrl":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png","datePublished":"2019-03-01T05:55:56+00:00","dateModified":"2025-10-01T19:53:30+00:00","description":"L'impl\u00e9mentation de l'en-t\u00eate HSTS (HTTP Strict Transport Security) sur votre serveur Web peut aider \u00e0 pr\u00e9venir les attaques man-in-the-middle et le d\u00e9tournement de cookies.","breadcrumb":{"@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#primaryimage","url":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png","contentUrl":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2019\/02\/hsts-strict-transport-security.png","width":1460,"height":730,"caption":"HTTP Strict Transport Security"},{"@type":"BreadcrumbList","@id":"https:\/\/kinsta.com\/fr\/blog\/hsts-strict-transport-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/kinsta.com\/fr\/"},{"@type":"ListItem","position":2,"name":"S\u00e9curit\u00e9 WordPress","item":"https:\/\/kinsta.com\/fr\/sujets\/securite-wordpress\/"},{"@type":"ListItem","position":3,"name":"HSTS &#8211; Comment utiliser HTTP Strict Transport Security"}]},{"@type":"WebSite","@id":"https:\/\/kinsta.com\/fr\/#website","url":"https:\/\/kinsta.com\/fr\/","name":"Kinsta\u00ae","description":"Solutions d&#039;h\u00e9bergement premium, 
rapides et s\u00e9curis\u00e9es","publisher":{"@id":"https:\/\/kinsta.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kinsta.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/kinsta.com\/fr\/#organization","name":"Kinsta","url":"https:\/\/kinsta.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/kinsta.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2023\/12\/kinsta-logo.jpeg","contentUrl":"https:\/\/kinsta.com\/fr\/wp-content\/uploads\/sites\/4\/2023\/12\/kinsta-logo.jpeg","width":500,"height":500,"caption":"Kinsta"},"image":{"@id":"https:\/\/kinsta.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/kinstafrance\/","https:\/\/x.com\/kinsta_fr","https:\/\/www.instagram.com\/kinstahosting\/","https:\/\/www.linkedin.com\/company\/kinsta\/","https:\/\/www.pinterest.com\/kinstahosting\/","https:\/\/www.youtube.com\/c\/Kinsta"]},{"@type":"Person","@id":"https:\/\/kinsta.com\/fr\/#\/schema\/person\/079824c00ccc2b7141504f27ea63bef7","name":"Brian Jackson","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/kinsta.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/79623d815f4ed4c8c2457392d728cb16?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/79623d815f4ed4c8c2457392d728cb16?s=96&d=mm&r=g","caption":"Brian Jackson"},"description":"Brian has a huge passion for WordPress, has been using it for over a decade, and even develops a couple of premium plugins. Brian enjoys blogging, movies, and hiking. 
Connect with Brian on Twitter.","sameAs":["https:\/\/www.facebook.com\/fm.brianleejackson","https:\/\/www.linkedin.com\/in\/brianleejackson","https:\/\/x.com\/brianleejackson"],"url":"https:\/\/kinsta.com\/fr\/blog\/author\/brianjackson\/"}]}},"acf":[],"_links":{"self":[{"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/posts\/24441","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/users\/38"}],"replies":[{"embeddable":true,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/comments?post=24441"}],"version-history":[{"count":11,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/posts\/24441\/revisions"}],"predecessor-version":[{"id":62994,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/posts\/24441\/revisions\/62994"}],"alternate":[{"embeddable":true,"hreflang":"es","title":"Spanish","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/es"},{"embeddable":true,"hreflang":"en","title":"English","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/en"},{"embeddable":true,"hreflang":"fr","title":"French","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/fr"},{"embeddable":true,"hreflang":"pt","title":"Portuguese","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/pt"},{"embeddable":true,"hreflang":"de","title":"German","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/de"},{"embeddable":true,"hreflang":"it","title":"Italian","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/it"},{"embeddable":true,"hreflang":"ja","title":"Japanese","href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/jp"},{"embeddable":true,"hreflang":"nl","title":"Dutch"
,"href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/translations\/nl"},{"href":"https:\/\/kinsta.com\/fr\/wp-json\/kinsta\/v1\/posts\/24441\/tree"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/media\/24449"}],"wp:attachment":[{"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/media?parent=24441"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/tags?post=24441"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/kinsta.com\/fr\/wp-json\/wp\/v2\/topic?post=24441"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}