[Ach] HSTS Headers in Apache

Aaron Zauner azet at azet.org
Tue Sep 23 19:04:02 CEST 2014


Hi,

There's currently discussion going on whether or not we should accept
this Pull Request on GitHub:
https://github.com/BetterCrypto/Applied-Crypto-Hardening/pull/71

    - on one hand, overwriting any existing HSTS headers makes sense so
      as not to merge/duplicate HSTS header responses (the problem stated
      in the GitHub PR),
    - on the other hand, it hinders any web application from setting its
      own HSTS rules, if it were to be aware of HSTS (which some apps are)

We'd kindly ask for your input.

Aaron
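
An added example, not part of the original post or of the BetterCrypto guide: a small check for the duplicate-header case described above, where both the application and the web server emit Strict-Transport-Security. RFC 6797 section 8.1 has the browser process only the first such field, so the check reports which policy would take effect. The function names and the sample response are constructed for illustration.

```python
import re

def parse_hsts(value):
    """Parse one STS value; return (max_age, include_subdomains) or None if invalid."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        arg = arg.strip().strip('"')
        if name == "max-age":
            # A repeated or non-numeric max-age makes the whole field invalid.
            if max_age is not None or not re.fullmatch(r"\d+", arg):
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return max_age, include_sub

def audit_hsts(raw_headers):
    """Summarise the Strict-Transport-Security fields in a raw header block."""
    values = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            values.append(value.strip())
    parsed = [parse_hsts(v) for v in values]
    return {
        "count": len(values),
        "duplicate": len(values) > 1,
        "conflicting": len(set(parsed)) > 1,
        "invalid": [v for v, p in zip(values, parsed) if p is None],
        "effective": parsed[0] if parsed else None,  # first field only (RFC 6797 8.1)
    }

# Constructed sample: the app sets a short policy, the server layer adds its own.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=600\r\n"
    "Content-Type: text/html\r\n"
    "Strict-Transport-Security: max-age=15768000; includeSubDomains\r\n"
)

if __name__ == "__main__":
    print(audit_hsts(SAMPLE))
```

A comma-joined value, as produced when two header values are merged into one field, shows up under "invalid" because its max-age no longer parses as a number.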



