7 files changed, 35 insertions, 3 deletions

diff --git a/doc/sphinx/arm/agent.rst b/doc/sphinx/arm/agent.rst
index f69696d1af..4862d46a92 100644
--- a/doc/sphinx/arm/agent.rst
+++ b/doc/sphinx/arm/agent.rst
@@ -56,6 +56,12 @@ The following example demonstrates the basic CA configuration.
        "Control-agent": {
            "http-host": "10.20.30.40",
            "http-port": 8000,
+           "http-headers": [
+               {
+                   "name": "Strict-Transport-Security",
+                   "value": "max-age=31536000"
+                }
+           ],
            "trust-anchor": "/path/to/the/ca-cert.pem",
            "cert-file": "/path/to/the/agent-cert.pem",
            "key-file": "/path/to/the/agent-key.pem",
@@ -114,6 +120,9 @@ different from the HA peer URLs, which are strictly
 for internal HA traffic between the peers. User commands should
 still be sent via the CA.
 
+Since Kea 1.7.5 the ``http-headers`` parameter specifies a list of
+extra HTTP headers to add to HTTP responses.
+
 The ``trust-anchor``, ``cert-file``, ``key-file``, and ``cert-required``
 parameters specify the TLS setup for HTTP, i.e. HTTPS. If these parameters
 are not specified, HTTP is used. The TLS/HTTPS support in Kea is
diff --git a/doc/sphinx/arm/congestion-handling.rst b/doc/sphinx/arm/congestion-handling.rst
index 68b7913036..0e54ebca0f 100644
--- a/doc/sphinx/arm/congestion-handling.rst
+++ b/doc/sphinx/arm/congestion-handling.rst
@@ -22,7 +22,7 @@ Congestion typically occurs when there is a network event that causes overly lar
 numbers of clients to simultaneously need leases, such as recovery after
 a network outage. In a well-planned deployment, the number and capacity of servers is
 matched to the maximum expected client load. If the load is routinely too
-heavy, then the deployment needs to be re-evaluated. 
+heavy, then the deployment needs to be re-evaluated.
 
 The goal of congestion handling is to help servers mitigate the peak in
 traffic by fulfilling as many of the most relevant requests as possible
diff --git a/doc/sphinx/arm/ctrl-channel.rst b/doc/sphinx/arm/ctrl-channel.rst
index 3079069287..2a1c2f6f4b 100644
--- a/doc/sphinx/arm/ctrl-channel.rst
+++ b/doc/sphinx/arm/ctrl-channel.rst
@@ -207,6 +207,11 @@ depends on the specific command.
        }
    }
 
+.. note::
+
+   Since Kea 2.7.5 it is possible to specify extra HTTP headers which
+   are added to HTTP responses.
+
 .. _ctrl-channel-control-agent-command-response-format:
 
 Control Agent Command Response Format
diff --git a/doc/sphinx/arm/dhcp4-srv.rst b/doc/sphinx/arm/dhcp4-srv.rst
index bbb428e081..50283a2408 100644
--- a/doc/sphinx/arm/dhcp4-srv.rst
+++ b/doc/sphinx/arm/dhcp4-srv.rst
@@ -7777,6 +7777,9 @@ TLS is required). The ``socket-address`` (default ``127.0.0.1``) and
 ``socket-port`` (default 8000) specify an IP address and port to which
 the HTTP service will be bound.
 
+Since Kea 1.7.5 the ``http-headers`` parameter specifies a list of
+extra HTTP headers to add to HTTP responses.
+
 The ``trust-anchor``, ``cert-file``, ``key-file``, and ``cert-required``
 parameters specify the TLS setup for HTTP, i.e. HTTPS. If these parameters
 are not specified, HTTP is used. The TLS/HTTPS support in Kea is
@@ -7832,6 +7835,12 @@ to detect configuration errors as soon as possible.
                "socket-type": "https",
                "socket-address": "10.20.30.40",
                "socket-port": 8004,
+               "http-headers": [
+                   {
+                       "name": "Strict-Transport-Security",
+                       "value": "max-age=31536000"
+                    }
+               ],
                "trust-anchor": "/path/to/the/ca-cert.pem",
                "cert-file": "/path/to/the/agent-cert.pem",
                "key-file": "/path/to/the/agent-key.pem",
diff --git a/doc/sphinx/arm/dhcp6-srv.rst b/doc/sphinx/arm/dhcp6-srv.rst
index 4ea40f4321..14c89c70eb 100644
--- a/doc/sphinx/arm/dhcp6-srv.rst
+++ b/doc/sphinx/arm/dhcp6-srv.rst
@@ -7591,6 +7591,9 @@ TLS is required). The ``socket-address`` (default ``::1``) and
 ``socket-port`` (default 8000) specify an IP address and port to which
 the HTTP service will be bound.
 
+Since Kea 1.7.5 the ``http-headers`` parameter specifies a list of
+extra HTTP headers to add to HTTP responses.
+
 The ``trust-anchor``, ``cert-file``, ``key-file``, and ``cert-required``
 parameters specify the TLS setup for HTTP, i.e. HTTPS. If these parameters
 are not specified, HTTP is used. The TLS/HTTPS support in Kea is
@@ -7646,6 +7649,12 @@ to detect configuration errors as soon as possible.
                "socket-type": "https",
                "socket-address": "2010:30:40::50",
                "socket-port": 8005,
+               "http-headers": [
+                   {
+                       "name": "Strict-Transport-Security",
+                       "value": "max-age=31536000"
+                    }
+               ],
                "trust-anchor": "/path/to/the/ca-cert.pem",
                "cert-file": "/path/to/the/agent-cert.pem",
                "key-file": "/path/to/the/agent-key.pem",
diff --git a/doc/sphinx/arm/hooks-lease-query.rst b/doc/sphinx/arm/hooks-lease-query.rst
index ff8f223236..c7ddbe0023 100644
--- a/doc/sphinx/arm/hooks-lease-query.rst
+++ b/doc/sphinx/arm/hooks-lease-query.rst
@@ -649,7 +649,7 @@ and includes either the count of leases updated or the nature of the failure:
 
 This ``extended-info6-upgrade`` command must be called when:
 
-- the database schema was upgraded from 2.4.1 or older version. 
+- the database schema was upgraded from 2.4.1 or older version.
   ``extended-info4-upgrade`` can be used when upgrading from 2.3.8 or older version.
 
 - Bulk Leasequery was not enabled; tables are maintained only when v6 BLQ is
diff --git a/doc/sphinx/arm/quickstart.rst b/doc/sphinx/arm/quickstart.rst
index 9ece8adf34..6cabbce77e 100644
--- a/doc/sphinx/arm/quickstart.rst
+++ b/doc/sphinx/arm/quickstart.rst
@@ -17,7 +17,7 @@ Quick Start Guide Using tarball
     :ref:`build-requirements` for details.
 
 2.  Download the Kea source tarball from
-    `the main isc.org downloads page <https://www.isc.org/download/>`__, 
+    `the main isc.org downloads page <https://www.isc.org/download/>`__,
     `the ISC downloads site <https://downloads.isc.org/isc/kea/>`__, or
     `the ISC Cloudsmith page <https://cloudsmith.io/~isc/packages/?q=format%3Araw>`__.