Ops One AG

You can subscribe via RSS

Monday 18th December 2017

Managed Server Version 6: website module: configurable hsts header

By default, we add a HTTP Strict Transport Security (HSTS) header to each TLS enabled website. According to the current best practices, the max-age is set to the fairly large value of 63072000. While this is fine for most use cases, there are some where a shorter max-age setting or even other values are desirable. This change introduces the new header_hsts parameter where you can override the HTTP Strict Transport Security header with a value if your choice: https://docs.snowflakeops.ch/6-0-stable/services/website.html#hsts-header Closes #239