Skip to content

Add HSTS header for TLS deployments #41

Description

@0xNyk

Security headers in next.config.js include X-Frame-Options, CSP, etc. but Strict-Transport-Security is absent. Add HSTS gated on an env var (MC_ENABLE_HSTS) to avoid breaking local dev.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requestsecuritySecurity-related issue

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions