I'm trying to get Node-Red running on a network for a project. IT security at my workplace have run a security check and recommend that I enable HSTS. I'm not a network expert and have no idea how to do this.
I've enabled HTTPS in the settings.js file of node-red and to add HSTS (HTTP Strict Transport Security) I need to add this line to the header:
Strict-Transport-Security: max-age=60000.
Can I append this option to the Node-red settings.js file or would I have to set an environment variable outside of Node-red to do this? I've never had to do either before so can anyone offer some additional guidance on this please if this is the case?