Coder offers two browser security features that you can choose to enable. These are available under Manage > Admin > Infrastructure.
HTTP Strict Transport Security
If you are serving Coder over HTTPS, we recommend enabling the Strict-Transport-Security Header option, which adds the HTTP Strict Transport Security header to responses. This browser feature requires future requests to occur over HTTPS.
Secure Cookie
The Secure Cookie option controls the secure
property of cookies that
Coder issues. This prevents browsers from sending sensitive cookies, such as
those containing credentials, over unencrypted (HTTP) connections. We recommend
enabling this setting if you are serving Coder over HTTPS.
SSH
You can choose the SSH keygen algorithm Coder uses when generating SSH keys for users.
Coder allows you to choose between Ed25519, ECDSA, and RSA (4096 bits).