Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(docs): update security headers specification #33673

Merged
merged 6 commits into from Jan 26, 2022
+1 −1
Merged

chore(docs): update security headers specification #33673

Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
ef856f6
chore(docs): update security headers specification
j-mendez Jan 26, 2022
78ed252
Update docs/advanced-features/security-headers.md
j-mendez Jan 26, 2022
6e8a52a
Merge branch 'canary' into patch-1
j-mendez Jan 26, 2022
f999922
Remove nextjs.org prefix
styfle Jan 26, 2022
cb306c6
Merge branch 'canary' into patch-1
kodiakhq[bot] Jan 26, 2022
9bdb4fa
Merge branch 'canary' into patch-1
kodiakhq[bot] Jan 26, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/advanced-features/security-headers.md
View file
Open in desktop
Expand Up @@ -43,7 +43,7 @@ This header controls DNS prefetching, allowing browsers to proactively perform d

This header informs browsers it should only be accessed using HTTPS, instead of using HTTP. Using the configuration below, all present and future subdomains will use HTTPS for a `max-age` of 2 years. This blocks access to pages or subdomains that can only be served over HTTP.

If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments.
If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare [`headers`](/docs/api-reference/next.config.js/headers.md) in your `next.config.js`.

```jsx
{
Expand Down