browserHSTSSeconds = "hsts_seconds"
	// browserHSTSIncludeSubdomains setting name for Strict-Transport-Security response header 'includeSubDomains' flag (true or false)
	browserHSTSIncludeSubdomains = "hsts_include_subdomains"
	// browserHSTSPreload setting name for Strict-Transport-Security response header 'preload' flag (true or false)
	browserHSTSPreload = "hsts_preload"

		header.Set("X-Content-Type-Options", "nosniff")                                // Prevent mime-sniff
		header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains") // HSTS mitigates variants of MITM attacks

		// Previously, this value was set right before a response was sent to
		// the client. So, logger and Error response XML were not using this

},{"key":"keyrotation_workers_wait","value":"0ms"},{"key":"expiration_workers_wait","value":"0ms"}]},"browser":{"_":[{"key":"csp_policy","value":"default-src 'self' 'unsafe-eval' 'unsafe-inline';"},{"key":"hsts_seconds","value":"0"},{"key":"hsts_include_subdomains","value":"off"},{"key":"hsts_preload","value":"off"},{"key":"referrer_policy","value":"strict-origin-when-cross-origin"}]},"cache":{"_":[{"key":"enable","value":"off"},{"key":"endpoint","value":""},{"key":"block_size","value":""}]},"ca...

- Adds the ability to pass --strict-transport-security-directives to the kube-apiserver to set the HSTS header appropriately.  Be sure you understand the consequences to browsers before setting this field. ([#96502](https://github.com/kubernetes/kubernetes/pull/96502), [@249043822](https://github.com/249043822)) [SIG Auth]