I set HSTS for HTTPS only, using this directive at the beginning of httpd.conf (apache 2.2)
<IfModule mod_headers.c> Header add Strict-Transport-Security "max-age=15768000;includeSubDomains" env=HTTPS </IfModule> How can I tell Apache to not set HSTS for specific virtual hosts (using some type of IF statement) using one global directive (instead of unsetting inside the specific vhost’s conf)? Thanks
