Running APEX 24.2, ORDS in standalone mode, locally hosted database.
We're setting security headers in Browser Security Attributes / HTTP Reponse Headers e.g. Content-Security-Policy.
If we set a Strict-Transport-Security header, the application crashes with an HTTP 500 server error on opening the login page.
The APEX runtime continues to run as expected and with the STS header in the generated output.
Any idea why this would be?