docs
/
Go to coder.comRequest Support
docs
/
Home
About
Comparison
Feedback
Workspaces
Getting started
Lifecycle
Editors and IDEs
Autostart
Dev URLs
Docker in workspaces
Workspace parameters
Environment variables
Personalization
User preferences
Progressive web apps
SSH access
Workspaces as code
Workspace templates
Workspace template code completion
Images
Import
Structure
Tags
Custom image creation
Configure
SSL certificates
Deprecate
Embeddable button
Command line
Installation and setup
Remote terminal
File sync
Workspace management
Setup
Architecture
Requirements
Kubernetes
Local preview
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
Installation
Configuration
Licensing
Updating
Air-gapped deployment
Network setup
Admin
Access control
User roles
Organization roles
Password reset
User management
Workspace management
Docker in workspaces
Extensions
GPU acceleration
JetBrains IDE installation
Memory provisioning
CPU provisioning
Shutdown
SSH configuration
Registries
Default registry
Google Container Registry
Workspace providers
Workspace provider deployment
Access URL
Account dormancy
Appearance
Audit
Browser security
Dev URLs
Git integration
Organizations
Usage metrics
Telemetry
Templates
Guides
Admin
Compute resources
Helm charts
Image tag names
Logging
OpenID Connect with Azure AD
OpenID Connect with Okta
Usage monitoring
Customization
Custom workspaces
Git configuration
macOS keybindings
Node.js Projects
Virtual Network Computing
Deployment
Coder installation from an archive
Managed code-server Workspaces
PostgreSQL
SAML 2.0 identity brokering
Teardown
SSL certificates
Azure DNS
Cloud DNS
Cloudflare
Route 53
Mobile development
Public API
Troubleshooting
Docker troubleshooting
Image registry troubleshooting
inotify watcher limit problems
TypeError: Failed to fetch
Changelog
1.20.0
1.19.1
1.19.0
1.18.1
1.18.0
1.17.4
1.17.3
1.17.2
1.17.1
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.2
1.15.1
1.15.0
1.14.4
1.14.3
1.14.2
1.14.1
1.14.0
1.13.2
Home
/
Admin

Browser security

1 min read

Learn about Coder's browser security options.

Coder offers two browser security features that you can choose to enable. These are available under Manage > Admin > Infrastructure.

HTTP Strict Transport Security

If you are serving Coder over HTTPS, we recommend enabling the Strict-Transport-Security Header option, which adds the HTTP Strict Transport Security header to responses. This browser feature requires future requests to occur over HTTPS.

Toggle HTTP Strict Transport Security Header

The Secure Cookie option controls the secure property of cookies that Coder issues. This prevents browsers from sending sensitive cookies, such as those containing credentials, over unencrypted (HTTP) connections. We recommend enabling this setting if you are serving Coder over HTTPS.

Toggle Secure Cookie

See an opportunity to improve our docs? Make an edit.

Go to coder.comGitHub