We have 3 HSTS headers. Our service generates one, looks like some reverse proxies add their own without replacing the other. Also our header is stricter, so ideally we should keep that one instead of replacing it.

```
$ curl -i https://dev.firefoxprofiler.nonprod.cloudops.mozgcp.net/__version__
...
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000
...
```

```
$ curl -i https://api.profiler.firefox.com/__version__
...
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000
...
```

Bug 1638031 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
We have 3 HSTS headers. Our service generates one, looks like some reverse proxies add their own without replacing the other. Also our header is stricter, so ideally we should keep that one instead of replacing it.

```
$ curl -i https://dev.firefoxprofiler.nonprod.cloudops.mozgcp.net/__version__
...
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000
...

$ curl -i https://api.profiler.firefox.com/__version__
...
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000
...
```
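
A check for the condition reported above, added here as an example (it is not part of the bug comment or of the project's code). It audits a saved `curl -i` response for repeated `Strict-Transport-Security` fields and compares the first one, which RFC 6797 section 8.1 says is the only one a user agent processes, with the strictest one present. The function names and the sample's status and content-type lines are constructed; the three HSTS lines are the ones quoted in the comment.

```python
# Constructed sample: HSTS lines as quoted in the comment, other lines made up.
SAMPLE = """\
HTTP/2 200
content-type: application/json
strict-transport-security: max-age=63072000; includeSubDomains
strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000

{}
"""

def parse_hsts(value):
    """Parse one Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, subdomains = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        elif name == "includesubdomains":
            subdomains = True
    return max_age, subdomains

def audit_hsts(raw_response):
    """Report on the HSTS header fields in a raw HTTP response (head + body)."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    policies = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "strict-transport-security":
            policies.append(parse_hsts(value))
    valid = [p for p in policies if p[0] is not None]
    return {
        "count": len(policies),
        "duplicated": len(policies) > 1,
        # RFC 6797 section 8.1: a user agent processes only the first field.
        "effective": policies[0] if policies else None,
        # Strictest: includeSubDomains wins, then the longest max-age.
        "strictest": max(valid, key=lambda p: (p[1], p[0])) if valid else None,
    }

if __name__ == "__main__":
    report = audit_hsts(SAMPLE)
    print(report)
    if report["duplicated"] and report["effective"] != report["strictest"]:
        print("WARNING: the first HSTS header is not the strictest one")
```

With the header order shown in the comment the service's stricter policy comes first, so it is the one that takes effect; the check fails only if a proxy's weaker header ends up ahead of it.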