Skip to content

Commit

Permalink
chore(docs): update security headers specification (#33673)
Browse files Browse the repository at this point in the history
1. fix details on how next handles security headers

* note: check your HSTS at https://hstspreload.org
* if your using headers in the config you need to add them below like 

![Screen Shot 2022-01-25 at 9 58 30 PM](https://user-images.githubusercontent.com/8095978/151096692-1544e239-6229-4654-bf64-b01bfc13a601.png)



## Bug

- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Errors have helpful link attached, see `contributing.md`

## Feature

- [ ] Implements an existing feature request or RFC. Make sure the feature request has been accepted for implementation before opening a PR.
- [ ] Related issues linked using `fixes #number`
- [ ] Integration tests added
- [ ] Documentation added
- [ ] Telemetry added. In case of a feature if it's used or not.
- [ ] Errors have helpful link attached, see `contributing.md`

## Documentation / Examples

- [ ] Make sure the linting passes by running `yarn lint`


Co-authored-by: Steven <229881+styfle@users.noreply.github.com>
  • Loading branch information
j-mendez and styfle authored Jan 26, 2022
1 parent 865a079 commit 9b98c5a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/advanced-features/security-headers.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ This header controls DNS prefetching, allowing browsers to proactively perform d

This header informs browsers it should only be accessed using HTTPS, instead of using HTTP. Using the configuration below, all present and future subdomains will use HTTPS for a `max-age` of 2 years. This blocks access to pages or subdomains that can only be served over HTTP.

If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments.
If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare [`headers`](/docs/api-reference/next.config.js/headers.md) in your `next.config.js`.

```jsx
{
Expand Down

0 comments on commit 9b98c5a

Please sign in to comment.