On Thu, 13 Aug 2015 20:28:40 +0000 "Houser, Rick" <[email protected]> wrote:
> Some time back, I turned on HSTS for our sites with something like this: > > Header always set Strict-Transport-Security "max-age=#######" I think you're misunderstanding mod_headers and the headers structure. In general terms, HTTP permits duplicate headers, which may have different values. For example,.multiple cookies. So mod_headers lets you set them, regardless of whether they're already set. If that's not what you want, you can of course configure mod_headers to unset an existing header before setting a new one. Or other configuration variants. -- Nick Kew
