Check process to insert security headers in nginx config from kong config file

I would like to know how to set up HSTS headers and security headers in the kong config file. I havent found anything yet.

There is none.

You can use response-transformer plugin to inject the header.

Hey so the response-transformer is the same as this? but for kong?To configure HSTS in Nginx, add the next entry in nginx.conf under server (SSL) directive

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'

Yes, https://docs.konghq.com/hub/kong-inc/response-transformer/

If you want to do it at the Nginx-level, you could use Nginx directive injection to achieve this as well:


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ