Description
When using proxy.config.ssl.hsts_max_age to send a strict transport security header, we should examine the expiry of the certificate we are servige the request with, and clip the max HSTS age to the expiry of the certificate. This would prevent browsers puking on HSTS when certificates expire legitimately.