Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(docs): update security headers specification #33673

Merged
merged 6 commits into from
Jan 26, 2022
Merged
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/advanced-features/security-headers.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ This header controls DNS prefetching, allowing browsers to proactively perform d

This header informs browsers it should only be accessed using HTTPS, instead of using HTTP. Using the configuration below, all present and future subdomains will use HTTPS for a `max-age` of 2 years. This blocks access to pages or subdomains that can only be served over HTTP.

If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments.
If you're deploying to [Vercel](https://vercel.com/docs/edge-network/headers#strict-transport-security), this header is not necessary as it's automatically added to all deployments unless you declare [`headers`](https://nextjs.org/docs/api-reference/next.config.js/headers) in your `next.config.js`.
styfle marked this conversation as resolved.
Show resolved Hide resolved
styfle marked this conversation as resolved.
Show resolved Hide resolved

```jsx
{
Expand Down