hsts.md

Required dependencies: io.ktor:%artifact_name%

The %plugin_name% plugin adds the required HTTP Strict Transport Security headers to the response according to RFC 6797. When the browser receives HSTS policy headers, it no longer attempts to connect to the server over insecure connections for a given period.

Note that HSTS policy headers are ignored over an insecure HTTP connection. For HSTS to take effect, it should be served over a secure connection.

Add dependencies {id="add_dependencies"}

Install %plugin_name% {id="install_plugin"}

Configure %plugin_name% {id="configure"}

%plugin_name% exposes its settings via HSTSConfig. The example below shows how to use the maxAgeInSeconds property to specify how long the client should keep the host in a list of known HSTS hosts:

{src="snippets/ssl-engine-main-hsts/src/main/kotlin/com/example/Application.kt" include-lines="11-12,17"}

You can also provide different HSTS configurations for different hosts using withHost:

{src="snippets/ssl-engine-main-hsts/src/main/kotlin/com/example/Application.kt" include-lines="11-17"}

You can find the full example here: ssl-engine-main-hsts.
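
The following is an added example, not the project's `ssl-engine-main-hsts` snippet: it combines a default policy set through `maxAgeInSeconds` with a per-host override through `withHost`. The host name `staging.example.com`, the max-age values and the `/` route are assumptions chosen for illustration.

```kotlin
import io.ktor.server.application.*
import io.ktor.server.plugins.hsts.*
import io.ktor.server.response.*
import io.ktor.server.routing.*

// Added example: host names and max-age values are assumptions, not project defaults.
fun Application.module() {
    install(HSTS) {
        // Default policy for every host served by this application.
        // The client keeps the host in its list of known HSTS hosts for this long.
        maxAgeInSeconds = 365L * 24 * 60 * 60 // one year
        // Extend the policy to subdomains; every subdomain must then be reachable over HTTPS.
        includeSubDomains = true
        // Leave preload off until the policy has been verified in production.
        preload = false

        // Per-host override (hypothetical host): a short max-age limits how long
        // a client stays pinned to HTTPS if the rollout has to be reverted.
        withHost("staging.example.com") {
            maxAgeInSeconds = 300
            includeSubDomains = false
        }
    }

    routing {
        // Minimal route so there is a response to carry the header.
        get("/") { call.respondText("ok") }
    }
}
```

To check the result, request the application over HTTPS and look for the `Strict-Transport-Security` response header; as noted above, the policy is ignored when it arrives over plain HTTP.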