Ything-RepoMirrors/static-web-server
2
0
Fork 0
mirror of https://github.com/static-web-server/static-web-server.git synced 2026-01-25 13:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
static-web-server/docs/content/features/security-headers.md
Matthias Schoettle dd43d06551 refactor: format check support Markdown files via mdformat (#597) 
* chore: format Markdown files with mdformat
* chore: switch to mdformat config file
* chore: add missing trailing slash
* docs: add section about formatting Markdown files
2025-12-07 10:40:21 +01:00

890 B
Raw Permalink Blame History

Security Headers

SWS provides several security headers support.

When the HTTP/2 feature is activated security headers are enabled automatically.

This feature is disabled by default on HTTP/1 and can be controlled by the boolean --security-headers option or the equivalent SERVER_SECURITY_HEADERS env.

!!! tip "Customize HTTP headers"

If you want to customize HTTP headers on demand then have a look at the [Custom HTTP Headers](custom-http-headers.md) section.

Headers included

The following headers are included by default.

  • Strict-Transport-Security: max-age=63072000; includeSubDomains; preload" (2 years max-age)
  • X-Frame-Options: DENY
  • X-Content-Type-Options: nosniff
  • Content-Security-Policy: frame-ancestors
Reference in New Issue View Git Blame Copy Permalink