We’ve a looming requirement to set some security headers, things like content-security-policy and cache-control.
These feel like something that should be able to be generated by Wordpress itself, rather than our needing to manually figure out what it needs.
Is this something we can just enable in Kinsta somewhere? I haven’t yet found a likely-looking tickbox.
Failing that, can we get Kinsta to return manually-entered headers, or will we need to configure those downstream?