Remove duplicate HSTS header on Apache if mod_headers is loaded

On Apache httpd, ./.htaccess sets HSTS if mod_headers is loaded, but though ./v/0.0.0/include.php does the same if envvar "HTTPS" is set, resulting in duplicate and thus invalid HSTS headers. One needs to go.
2025-02-27 00:10:31 +08:00 · 2022-04-19 23:09:20 +02:00 · 2022-04-19 23:09:20 +02:00 · 260ef6dc9d
commit 260ef6dc9d
parent eff357dc8e
1 changed files with 1 additions and 1 deletions
--- a/.htaccess
+++ b/.htaccess
@ -23,7 +23,7 @@
 #	Header set Cache-Control "public, max-age=31536000"
 #	Header set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'"
 #	Header set Referrer-Policy "no-referrer"
-	Header set Strict-Transport-Security "max-age=31536000"
+#	Header set Strict-Transport-Security "max-age=31536000"
 	Header set imagetoolbar "no"
 #	Header set X-Content-Type-Options "nosniff"
 #	Header set X-Frame-Options "DENY"