[FEATURE REQUEST] Allow to change headers

[hyperdefined]

I would like to be able to change headers to my own. I have my own custom nginx config that I use and it's conflicting with the current set headers.

For example, make Strict-Transport-Security longer and preload.

[BobbyWibowo]

I don't get it. What headers that come by default from the lolisafe server, that prevents you from setting other headers such as the ones you mentioned above (Strict-Transport-Security)? I also use Nginx config to set those headers for safe.fiery.me. The lolisafe server only sets Cache-Control and Access-Control-Allow-Origin, but only when you choose to enable them from the config (other than some defaults set by Express). Even the defaults set by Express can be overridden from Nginx, if you so desire. At least that's what I did for my installation.

[BobbyWibowo]

Whoops, sorry about that. It seems mine was overwritten by Cloudflare as I had HSTS configured there. That's why I didn't notice Helmet would add the header by default.

You'd have needed to compile nginx with ngx_headers_more module to override the header set by Helmet through Nginx, otherwise.