There doesn’t seem to be anything about Strict-Transport-Security in the official Meteor guide or browser-policy.
Same way that you add any headers to Meteor:
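```js
WebApp.connectHandlers.use(function (req, res, next) {
  res.setHeader(name, value); // name and value: the header to send
  next(); // hand the request on to the next handler
});
```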
Although in a production environment you’re usually better off putting node behind a reverse proxy and SSL terminator like nginx.
In my setup nginx is responsible for all SSL, and so is responsible for the HSTS header.
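An added example, not part of the original posts: a connect-style handler that sends Strict-Transport-Security only on requests that arrived over TLS, including the case where a reverse proxy terminates TLS and forwards plain HTTP to Node. The function names, the `trustProxy` option and the max-age value are assumptions made for illustration.

```javascript
// Build the header value: max-age in seconds, optional includeSubDomains (RFC 6797).
function buildHstsValue({ maxAge, includeSubDomains = false }) {
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new TypeError('maxAge must be a non-negative integer (seconds)');
  }
  const parts = [`max-age=${maxAge}`];
  if (includeSubDomains) parts.push('includeSubDomains');
  return parts.join('; ');
}

// True when the client connection used TLS: either directly, or via a
// proxy that sets X-Forwarded-Proto. Only enable trustProxy when the
// proxy overwrites that header, otherwise clients can spoof it.
function isSecureRequest(req, trustProxy) {
  if (req.connection && req.connection.encrypted) return true;
  if (!trustProxy) return false;
  const proto = String(req.headers['x-forwarded-proto'] || '');
  return proto.split(',')[0].trim().toLowerCase() === 'https';
}

// Hypothetical middleware factory; the header value is computed once.
function hstsMiddleware(options) {
  const value = buildHstsValue(options);
  const trustProxy = options.trustProxy === true;
  return function (req, res, next) {
    // RFC 6797 section 7.2: the header must not be sent over plain HTTP.
    if (isSecureRequest(req, trustProxy)) {
      res.setHeader('Strict-Transport-Security', value);
    }
    next();
  };
}

// Register only when running inside Meteor, where WebApp is defined.
if (typeof WebApp !== 'undefined') {
  WebApp.connectHandlers.use(
    hstsMiddleware({ maxAge: 15552000, includeSubDomains: true, trustProxy: true })
  );
}
```

If nginx already adds the header, as in the setup described above, leave this handler out so the policy is defined in one place.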