DEV Community 👩‍💻👨‍💻


Posted on • Originally published at

Debugging HTTP headers in Hugo

Hugo can add all headers, including security headers, on the local server ( when you type hugo server in the terminal). It's pretty helpful for the debug, as some can break your website.

I had a problem setting them at first, but it occurred to me it was a small typo in the documentation, as it does not work well if you target .html only:

read the thread

The documentation has been updated since then, and you can test headers locally with a few lines in config.toml, for example:

        for = '/**'
            Permissions-Policy = "interest-cohort=()"
            Strict-Transport-Security = "max-age=31536000; includeSubDomains"
            X-Frame-Options = "SAMEORIGIN"
            X-Content-Type-Options = "nosniff"
Enter fullscreen mode Exit fullscreen mode

See complete documentation

Top comments (0)

We are hiring! Do you want to be our Senior Platform Engineer? We're hiring for a Senior Platform Engineer and would love for you to apply.

Head here to learn more about who we're looking for.