Important: #100032 - Add HTTP security headers for backend by default¶
The following HTTP security headers are now added by default for the TYPO3 backend:
Strict-Transport-Security: max-age=31536000(only if
The default HTTP security headers are globally configured in
$GLOBALS['TYPO3_CONF_VARS']['BE']['HTTP']['Response']['Headers'] and include
a unique array key, so it is possible to individually unset/remove unwanted
TYPO3 websites, which already use custom HTTP headers for the TYPO3 backend, must ensure that individual HTTP security headers are not sent multiple times.