[Ach] HSTS Headers in Apache

Aaron Zauner azet at azet.org
Tue Sep 23 19:04:02 CEST 2014


There's currently discussion going on whether or not we should accept
this Pull Request on GitHub:

    - on one hand overwriting any existing HSTS Headers makes sense so
as not to merge/duplicate HSTS Header responses (problem stated in the
github PR),
    - on the other hand it hinders any web application to set it's own
HSTS rules, if it were to be aware of HSTS (which some apps are)

We'd kindly ask for your input.


More information about the Ach mailing list