From f0ec293be8e04a14218a9507c9d1ad362f8c8153 Mon Sep 17 00:00:00 2001
From: Tim Wundenberg
Date: Thu, 12 Dec 2024 21:50:32 +0100
Subject: [PATCH] feat(security): #314 include hsts
---
 handler/middleware/security_headers.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/handler/middleware/security_headers.go b/handler/middleware/security_headers.go
index a6a1d08..e1b2e01 100644
--- a/handler/middleware/security_headers.go
+++ b/handler/middleware/security_headers.go
@@ -34,6 +34,7 @@ func SecurityHeaders(serverSettings *types.Settings) func(http.Handler) http.Han
 w.Header().Set("Permissions-Policy", "geolocation=(), camera=(), microphone=()")
 w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
 w.Header().Set("Permissions-Policy", "interest-cohort=()")
+ w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")
 if r.Method == "OPTIONS" {
 w.WriteHeader(http.StatusOK)
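Review bot: The added `Strict-Transport-Security` line sends `includeSubDomains; preload` with a two-year `max-age` on every response, unconditionally. Every deployment of this middleware therefore pins its whole domain to HTTPS-only for that period, including sibling subdomains the application may not control. `preload` also signals consent to browser preload lists, which is slow to reverse, so I would default to `w.Header().Set("Strict-Transport-Security", "max-age=63072000; includeSubDomains")` at most. `preload` would then be emitted only when the operator opts in through `serverSettings`, which the function already receives; the hunk shows no such field, so one would need adding. Separately, the context lines set `Permissions-Policy` twice with `Header().Set`, so `interest-cohort=()` replaces the `geolocation=(), camera=(), microphone=()` value, and a single combined value would keep both. The body of `SecurityHeaders` starts and ends outside this hunk, so whether TLS terminates here or at a proxy is not visible.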