-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Duplicate headers #1348
Comments
Depends on the spec, I see the double headers mainly with HSTS (with of course a preload only on the www). In those cases I think it should be valid, but with |
The person that reported the issue stated the following:
|
Looks like multiple |
When headers occur more than once, domains currently pass the test. Other testing platforms (Mozilla Observatory and Security Headers) seem to reject this. We should like into this and decide how we want to deal with such scenario's. @mxsasha stated that it's customary to use the last header in case there are duplicates.
The text was updated successfully, but these errors were encountered: