Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS Header onsuccess unset Strict-Transport-Security