StrictTransportSecurity

Builder for the Strict-Transport-Security (HSTS) HTTP response header.

Usage

Source

StrictTransportSecurity()

Default header value: max-age=31536000

Notes

* Only send this header over HTTPS; browsers ignore it otherwise. * preload requires includeSubDomains and at least one year max-age. * max-age is required by the HSTS specification.

Resources: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security - https://hstspreload.org/ - https://owasp.org/www-project-secure-headers/

Parameter Attributes

header_name: str

_max_age: int | None = None

_include_subdomains: bool = False

_preload: bool = False

_raw_value: str | None = None