Implement HSTS ?
How Do I?
Need some pointers on how to enable HTTP Strict-Transport-Security response header in EE6.
Are there any docs out there or tutorials?
Also need to put a Content-Security-Policy header - can anyone point me in right direction please?
Thanks!
To enable the HTTP Strict-Transport-Security (HSTS) response header in EE6, you can typically configure it in your web server settings (like Apache or Nginx) or directly in your application’s configuration files. For detailed guidance, you might find the official documentation for EE6 or web server tutorials helpful.
For the Content-Security-Policy (CSP) header, you can also set this in your web server configuration or application settings. Look for tutorials specific to your server type or the EE6 documentation for examples on how to implement these security headers effectively.
Thanks Ahoena12 - I’ve tried it with a Meta tag and it keeps breaking everything. Need to look into it more deeply
Howdy,
Might also be worth taking a look at Hop CSP Header
We talked about this briefly internally and it’s likely we’ll add this to the http_header core add-on in V 7
Cheers,
-Tom Jaeger