Good configurations are safe by default, allow flexibility, and warn against mistakes.
Allow users to configure these headers in a guided manner, i.e. not just as free-text custom headers, but as named options with sensible defaults and data validation.
Headers to Implement
- Strict-Transport-Security (HSTS) #29 (closed)
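
One way a guided HSTS option could look, as an added example rather than the project's own code. The option names, default values and warning thresholds are assumptions; the preload constraints follow the hstspreload.org submission requirements.

```python
from dataclasses import dataclass

ONE_YEAR = 31_536_000  # seconds; minimum max-age accepted for hstspreload.org submission


@dataclass(frozen=True)
class HSTSOptions:
    """Hypothetical named options; field names and defaults are assumptions."""
    enabled: bool = True
    max_age: int = ONE_YEAR
    include_subdomains: bool = True
    preload: bool = False


def build_hsts(opts, served_over_https=True):
    """Return (header_value_or_None, warnings); raise ValueError on invalid input."""
    warnings = []
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(opts.max_age, bool) or not isinstance(opts.max_age, int):
        raise ValueError("max_age must be an integer number of seconds")
    if opts.max_age < 0:
        raise ValueError("max_age must not be negative")
    if not opts.enabled:
        return None, ["HSTS disabled: browsers will not enforce HTTPS for this site"]
    if not served_over_https:
        # RFC 6797: the header must not be sent over non-secure transport.
        return None, ["HSTS is ignored on plain HTTP responses; header not emitted"]
    # Design choice in this sketch: incomplete preload settings are rejected.
    if opts.preload and not opts.include_subdomains:
        raise ValueError("preload requires include_subdomains")
    if opts.preload and opts.max_age < ONE_YEAR:
        raise ValueError("preload requires max_age >= 31536000")
    if opts.max_age == 0:
        warnings.append("max_age=0 tells browsers to delete the stored HSTS policy")
    elif opts.max_age < 86_400:
        warnings.append("max_age under one day gives little protection between visits")
    if opts.preload:
        warnings.append("preload is slow to undo once browsers ship the domain in their lists")
    parts = [f"max-age={opts.max_age}"]
    if opts.include_subdomains:
        parts.append("includeSubDomains")
    if opts.preload:
        parts.append("preload")
    return "; ".join(parts), warnings
```

The returned string is the value for the `Strict-Transport-Security` response header; warnings are meant to be shown in the configuration UI, while `ValueError` blocks saving.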