网站管理-安全中的添加的 HSTS 无法被 hstspreload.org 识别。我将原本在 location / 下 add_header 移动到 server 后成功被识别。

但 hstspreload 出现了以下提示

Warning: Unnecessary HSTS header over HTTPThe HTTP page at http://b.com sends an HSTS header. This has no effect over HTTP, and should be removed.

以下是我修改后的配置

server {
    listen                     80;
    listen                     443 ssl http2;
    server_name                b.com;
    ssl_certificate            /data/a/sites/b.com/ssl/site.crt;
    ssl_certificate_key        /data/a/sites/b.com/ssl/site.key;
    ssl_prefer_server_ciphers  on;
    ssl_ciphers                ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache          shared:SSL:5m;
    ssl_session_timeout        5m;
    keepalive_timeout          75s;
    keepalive_requests         100;
    access_log                 /data/a/sites/b.com/log/nginx/access.log;
    error_log                  /data/a/sites/b.com/log/nginx/error.log;
    root                       /data/a/sites/b.com/www;
    set_real_ip_from           127.0.0.1;
    real_ip_header             X-Real-IP;
    real_ip_recursive          on;
    add_header  Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
  
    if ($scheme = http) {
        return  301 https://$host$request_uri;
    }

    gzip                       on;
    gzip_comp_level            6;
    gzip_min_length            1k;
    gzip_types                 text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    brotli                     on;
    brotli_comp_level          6;
    brotli_min_length          1k;
    brotli_types               text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
    client_max_body_size       10M;
    access_by_lua_file         /data/a/sites/b.com/conf/access.lua;

    location / {
        index       index.php;
    
        if (!-e $request_filename) {
            rewrite  ^(.*)$ /index.php$1 last;
        }
    }

    location ~ ^/.+\.php(/|$) {
        include                  conf.sitemgr.d/global/conf/fastcgi_params;
        fastcgi_index            index.php;
        fastcgi_param            SCRIPT_FILENAME /data/a/sites/b.com/www$fastcgi_script_name;
        fastcgi_split_path_info  ^(.+\.php)(/.*)$;
        fastcgi_param            PATH_INFO $fastcgi_path_info;
        fastcgi_param            PATH_TRANSLATED $document_root$fastcgi_path_info;
        fastcgi_read_timeout     60s;
        fastcgi_pass             unix:/data/a/sites/b.com/php-pool/php-fpm.sock;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|bmp|swf|eot|svg|ttf|woff|woff2)$ {
        expires        30d;
        log_not_found  off;
    }
}