HSTS for Crystal with Kemal: Pros, Cons, and Setup
HSTS is one of those headers that’s boring right up until the day it saves you from a nasty downgrade or cookie theft issue. If you’re running a Crystal app with Kemal, HSTS is usually easy to add. The hard part is deciding how aggressive to be. Short max-age? Long max-age? Include subdomains? Preload? Those choices have real operational consequences, especially if you run staging environments, legacy subdomains, or mixed infrastructure. ...
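One way to wire these choices into a Kemal app, as an added example rather than code from the original post: a small policy struct builds the header value and refuses a preload configuration that could not meet the preload list requirements (includeSubDomains plus a max-age of at least one year). The HstsPolicy name, the HSTS_MAX_AGE environment variable and the TLS-terminating proxy that sets X-Forwarded-Proto are assumptions.

```crystal
require "kemal"

# Added example; HstsPolicy and HSTS_MAX_AGE are illustrative names.
struct HstsPolicy
  PRELOAD_MIN_AGE = 31_536_000 # one year in seconds, the preload list minimum

  def initialize(@max_age : Int32, @include_subdomains : Bool = false, @preload : Bool = false)
    raise ArgumentError.new("max-age must not be negative") if @max_age < 0
    # Preload is hard to undo, so reject a config that could not qualify.
    if @preload && !(@include_subdomains && @max_age >= PRELOAD_MIN_AGE)
      raise ArgumentError.new("preload requires includeSubDomains and max-age >= #{PRELOAD_MIN_AGE}")
    end
  end

  def header_value : String
    String.build do |io|
      io << "max-age=" << @max_age
      io << "; includeSubDomains" if @include_subdomains
      io << "; preload" if @preload
    end
  end
end

# Start short (5 minutes) so a mistake expires quickly; raise it once every
# host the policy covers is known to serve HTTPS.
policy = HstsPolicy.new(max_age: ENV.fetch("HSTS_MAX_AGE", "300").to_i)

before_all do |env|
  # Assumption: a TLS-terminating proxy overwrites X-Forwarded-Proto.
  # HSTS is only meaningful on HTTPS responses; browsers ignore it over HTTP.
  if env.request.headers["X-Forwarded-Proto"]? == "https"
    env.response.headers["Strict-Transport-Security"] = policy.header_value
  end
end

get "/" do
  "ok"
end

Kemal.run
```

Setting max-age to 0 through the same variable tells browsers to drop the cached policy, which is the rollback path while includeSubDomains and preload are still off.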