The response headers being referred to, are they part of UserAgent from server.conf?
Or is this a regular SSO web agent HTTP response?
If you have enabled the headers module in the Apache HTTP Server, have you verified the module is actively loaded?
. ./ca_sps_env.sh
./apachectl -t -D DUMP_MODULES
SPS Default output (no ):
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
mpm_worker_module (static)
env_module (shared)
log_config_module (shared)
setenvif_module (shared)
mime_module (shared)
negotiation_module (shared)
dir_module (shared)
jk_module (shared)
cgi_module (shared)
alias_module (shared)
authz_host_module (shared)
authn_core_module (shared)
authz_core_module (shared)
unixd_module (shared)
slotmem_shm_module (shared)
And the IfModule section is located under Apache, not in the Tomcat server.conf.
#<IfModule headers_module>
#RequestHeader unset DNT env=bad_DNT
#</IfModule>
I have not come across any SPS run book or tech note regarding this integration between HTTP Strict Transport Security and SPS. If it is not documented, there is no guarantee it will work.
Additional related info: CA SSO : SPS Hardening Security : Supress Server Headers
Hongxu
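
An added example (not part of the original post or of the product's own scripts): a shell check that takes the text of a DUMP_MODULES listing and of an Apache configuration and reports whether headers_module is loaded and whether any Header/RequestHeader directive is active or only commented out. The function names, the sample listings and the HSTS line are constructed for illustration.

```shell
#!/bin/sh
# Added example. Directives inside <IfModule headers_module> are skipped
# without any error when the module is not loaded, so both facts are checked.

# Reads a DUMP_MODULES listing on stdin; exit 0 if module $1 is listed.
module_loaded() {
    awk -v m="$1" '$1 == m && $2 ~ /^\((static|shared)\)$/ { found = 1 }
                   END { exit !found }'
}

# Reads Apache config on stdin; prints active, commented or absent.
header_directive_state() {
    awk '/^[ \t]*(Header|RequestHeader)[ \t]/        { active = 1 }
         /^[ \t]*#[ \t]*(Header|RequestHeader)[ \t]/ { commented = 1 }
         END { print active ? "active" : (commented ? "commented" : "absent") }'
}

# $1 = module listing text, $2 = config text
check_headers() {
    if printf '%s\n' "$1" | module_loaded headers_module; then
        loaded=yes
    else
        loaded=no
    fi
    state=$(printf '%s\n' "$2" | header_directive_state)
    echo "headers_module=$loaded directives=$state"
}

# Constructed sample: default listing without headers_module, as in the post.
DUMP_DEFAULT='Loaded Modules:
 core_module (static)
 so_module (static)
 env_module (shared)
 setenvif_module (shared)'
CONF_DEFAULT='#<IfModule headers_module>
#RequestHeader unset DNT env=bad_DNT
#</IfModule>'
# Constructed sample: module loaded and an HSTS response header set.
DUMP_FIXED="$DUMP_DEFAULT
 headers_module (shared)"
CONF_FIXED='<IfModule headers_module>
Header always set Strict-Transport-Security "max-age=31536000"
</IfModule>'

check_headers "$DUMP_DEFAULT" "$CONF_DEFAULT"
check_headers "$DUMP_FIXED" "$CONF_FIXED"
# Live use (config path is a placeholder):
# check_headers "$(./apachectl -t -D DUMP_MODULES 2>&1)" "$(cat /path/to/httpd.conf)"
```

A result of headers_module=no with directives=active is the case to watch for: the configuration test passes, but the header is never sent.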