似乎您已经在使用已加密的https. 默认情况下，应该阻止中间人攻击，因为浏览器会自动验证证书链.

It looks like you're already using https which is encrypted. A man in the middle attack should be prevented by default since browsers verify the certificate chain automatically.

我建议阅读本指南关于https.

I recommend reading this guide about https.