DOCUMENTATION
Security Headers
Nalth automatically sets a suite of security headers on all responses.
- Strict-Transport-Security (HSTS)
Enforces HTTPS connections. Defaults to `max-age=31536000; includeSubDomains; preload`.
- X-Frame-Options
Prevents clickjacking attacks. Defaults to `DENY`.
- X-Content-Type-Options
Prevents MIME-sniffing. Defaults to `nosniff`.
- Referrer-Policy
Controls how much referrer information is sent. Defaults to `strict-origin-when-cross-origin`.