26 votesRobin commented
Yes please, manual header additions and/or modifications/overrules on WAF rules is welcome.
It's absolutely ridiculous that HSTS still isn't implemented by Sophos years after this was introduced/accepted by the general community...
In UTM i could modify the configs manually for a generic HSTS addition/modification:
Header unset Strict-Transport-Security
Header always set Strict-Transport-Security "max-age=31536000;" env=HTTPS
But with XG manual modifications are a challenge...