Adds comment in serverless.yml for dev override

config/serverless.yml

@@ -26,6 +26,7 @@ telemetry.allowChangingOptInStatus: false
 
 # Harden security response headers, see https://github.com/elastic/kibana/issues/150884
 # The browser should remember that a site, including subdomains, is only to be accessed using HTTPS for 1 year
+# Can override this setting in kibana.dev.yml, e.g. server.securityResponseHeaders.strictTransportSecurity: null
 server.securityResponseHeaders.strictTransportSecurity: max-age=31536000; includeSubDomains
 # Disable embedding for serverless MVP
 server.securityResponseHeaders.disableEmbedding: true