HSTS for Nim with Jester

HTTP Strict Transport Security is one of those headers that looks trivial and still gets deployed wrong all the time. If you run a Nim app with Jester, HSTS is easy to add. The hard part is adding it in the right place, with the right conditions, and without bricking a staging domain or forcing bad HTTPS assumptions behind a reverse proxy.

HSTS tells the browser:

- only use HTTPS for this site
- keep doing that for a specific amount of time
- optionally apply the rule to subdomains
- optionally treat the domain as preload-eligible

The header looks like this: ...

April 8, 2026 · 7 min · headertest.com