Oh thanks, this is exactly I was looking for. I totally missed it in
the documentation. It's there.
Thank you.
2014-11-13 14:30 GMT+01:00 Eric Covener :
>> Neither provides the HSTS header to an unauthenticated user. Is there
>> a simple way to inject the HSTS (or any) header to unauthenticated
>
> Neither provides the HSTS header to an unauthenticated user. Is there
> a simple way to inject the HSTS (or any) header to unauthenticated
> users?
If it's the 401 that you want to have the header, you'll need
Header always set ...
Hello!
Working with Apache 2.4.
I wanted to configure an https host with HSTS:
[...]
Header set Strict-Transport-Security "max-age=31556952"
Require all granted
[...]
[...]
This works fine. However as soon as I require HTTP authentication on
apache level,