What happens if multiple Strict-Transport-Security headers are set in the HTTP response?
If multiple Strict-Transport-Security headers are set with different settings (e.g. different max-age values), how will the browser behave? Does the browser just follow one of them, or simply error out and discard all? Is this behaviour di… Continue reading What happens if multiple Strict-Transport-Security headers are set in the HTTP response?