b137e3e72d
Caddy does not set Strict-Transport-Security on GlitchTip because the full security_headers snippet is intentionally omitted (Permissions-Policy interferes with the Sentry SDK CORS). Adding HSTS alone guarantees HTTPS enforcement at the Caddy layer without breaking SDK ingestion. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>