id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 391 HSTS header disabled when SSL enabled Shaiffulnizam Mohamad "HSTS header which is as below, is not enabled when SSL is set to enable, when SSL is disable or OFF, then only the header showing up in the Nginx header. : add_header Strict-Transport-Security ""max-age=70400; includeSubdomains""; and add_header X-Frame-Options SAMEORIGIN; is disable or not enabled when SSL is enabled. " defect closed minor nginx-core 1.3.x invalid 1.4.2, 1.5.3