Hi , we recently had a security assessment for our community and the some of the items to take action as below Filter HTML tags for stored data. Any HTML that is given on the subject/title for all the posts it's making executable, like the links below testing "/><a href="https://google.com">Click me</a> Enable the missing security headers. The most notable being “Strict-Transport-Security”, which protects the application from MitM protocol downgrade attacks. is there a way to enable this header?

Security Assesment Community

Hi ,

we recently had a security assessment for our community and the some of the items to take action as below

Filter HTML tags for stored data.
- Any HTML that is given on the subject/title for all the posts it's making executable, like the links below
- ```
testing "/><a href="https://google.com">Click me</a>
```
Enable the missing security headers.
- The most notable being “Strict-Transport-Security”, which protects the application from MitM protocol downgrade attacks. is there a way to enable this header?