I would like to know how to set up HSTS headers and security headers in the kong config file. I havent found anything yet.
There is none.
You can use
response-transformer plugin to inject the header.
Hey so the response-transformer is the same as this? but for kong?To configure HSTS in Nginx, add the next entry in nginx.conf under server (SSL) directive
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'
If you want to do it at the Nginx-level, you could use Nginx directive injection to achieve this as well: