Stop setting Strict-Transport-Securty header from within the app
Why was this MR needed?
Setting HSTS header is potentially harmful operation that should be decided on per installation basis. With that in mind its best to set HSTS headers at edge i.e. in Nginx.
Does this MR meet the acceptance criteria?
-
Changelog entry added -
Documentation created/updated -
Conform by the merge request performance guides -
Conform by the style guides -
Branch has no merge conflicts with master
(if it does - rebase it please) -
Squashed related commits together
Corresponding MR in Omnibus
What are the relevant issue numbers?
Related to #3440 (closed)