Commit b1557a
2026-03-17 21:30:40
Claude (MCP): [mcp] Reduce HSTS max-age to 1 month for pre-launch phase
Plans/Rate_Limiting_And_Security_Headers.md
..
@@ 22,7 22,8 @@
-Server
# HSTS — 1 year. No preload (irreversible without HSTS preload list submission).
-
Strict-Transport-Security "max-age=31536000; includeSubDomains"
+
# 1 month — conservative while project is pre-launch. Bump to 31536000 (1 year) post-launch.
+
Strict-Transport-Security "max-age=2592000; includeSubDomains"
# Prevent MIME sniffing
X-Content-Type-Options "nosniff"
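Review bot: the unchanged comment line just above the new one still says the HSTS lifetime is 1 year, so after this change the block carries two comments that disagree with each other and with the header value (max-age=2592000, i.e. 30 days). Merge them into a single comment that keeps the no-preload rationale and states the 1 month value plus the planned bump to 31536000. It would also help to say in that comment that includeSubDomains is kept deliberately: the shorter max-age limits how long a misconfiguration is pinned in browsers, but the policy still covers every subdomain, so any pre-launch host that is not yet served over HTTPS is affected either way.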