id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
391	HSTS header disabled when SSL enabled	Shaiffulnizam Mohamad		"HSTS header which is as below, is not enabled when SSL is set to enable, when SSL is disable or OFF, then only the header showing up in the Nginx header. : 
add_header Strict-Transport-Security ""max-age=70400; includeSubdomains"";
and 
add_header X-Frame-Options SAMEORIGIN; is disable or not enabled when SSL is enabled.
"	defect	closed	minor		nginx-core	1.3.x	invalid				1.4.2, 1.5.3