HSTS for Hono: copy-paste setups that actually work

HTTP Strict Transport Security, or HSTS, is one of those headers that’s boring right up until it saves you from a nasty downgrade attack. If you run a Hono app over HTTPS, you should probably send it. The browser sees the header once over a secure connection, remembers it, and refuses to talk to your site over plain HTTP for the configured period. That cuts off a whole class of “strip HTTPS and hope the user doesn’t notice” nonsense. ...

June 9, 2026 · 7 min · headertest.com
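
An added example, not code from the article: a Hono-style middleware that sends HSTS only on requests that arrived over HTTPS, since the browser records the policy only from a secure connection. The function names and the `trustProxy` option are hypothetical; the code assumes Hono's `(c, next)` middleware shape with `c.req.url`, `c.req.header()` and `c.header()`.

```javascript
// Added example, not from the original article. hstsMiddleware, buildHstsValue
// and isSecureRequest are hypothetical names; the (c, next) shape, c.req.url,
// c.req.header() and c.header() follow Hono's middleware API.

const ONE_YEAR = 31536000; // seconds

function buildHstsValue({ maxAge = ONE_YEAR, includeSubDomains = false, preload = false } = {}) {
  if (!Number.isInteger(maxAge) || maxAge < 0) {
    throw new RangeError("maxAge must be a non-negative integer number of seconds");
  }
  // hstspreload.org only accepts max-age >= 1 year together with includeSubDomains.
  if (preload && (maxAge < ONE_YEAR || !includeSubDomains)) {
    throw new Error("preload requires maxAge >= 31536000 and includeSubDomains");
  }
  const parts = [`max-age=${maxAge}`];
  if (includeSubDomains) parts.push("includeSubDomains");
  if (preload) parts.push("preload");
  return parts.join("; ");
}

// Browsers ignore HSTS received over plain HTTP, so only send it on HTTPS.
// X-Forwarded-Proto is honoured only when trustProxy is set, i.e. when a
// TLS-terminating proxy you control overwrites that header.
function isSecureRequest(url, forwardedProto, trustProxy = false) {
  if (new URL(url).protocol === "https:") return true;
  if (!trustProxy || !forwardedProto) return false;
  return forwardedProto.split(",")[0].trim().toLowerCase() === "https";
}

function hstsMiddleware(options = {}) {
  const value = buildHstsValue(options); // validate once at startup, not per request
  return async (c, next) => {
    await next();
    if (isSecureRequest(c.req.url, c.req.header("x-forwarded-proto"), options.trustProxy)) {
      c.header("Strict-Transport-Security", value);
    }
  };
}

// Usage in a Hono app (assumed setup): app.use("*", hstsMiddleware({ maxAge: 300 }));
```

Starting with a short `maxAge` such as 300 seconds lets you confirm every subdomain works over HTTPS before committing browsers to a year-long policy.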