I have two webapps.
Both are used for testing in a reverse proxy scenario.
SAN certificate is used (Subject Alternative Name) for both.
1 allows adding a security exception, the other does not.
The one that allows has HSTS header only in one page add in the PHP code itself:
<?php header("strict-transport-security: max-age=600"); ?>
The other - no idea, I dont have access to the source code.
Possible reasons on why 1 can have an exception and the other can't would be very helpful to me. Thank you.