Lighttpd

Hi lighty community, I have a strange bug I would like to share.

I'm on a scaleway vps with a Debian jessie OS, using lighttpd version 1.4.35, I two server with the same configuration but they work differently as you will be able to see after this. I already tested the configuration file but everything is ok with this command: lighttpd -t -f lighttpd.conf and on the virtual host, I wasn't too surprised as it's working on one of the two.

This is my problem:

I have a first lighttpd serveur with a configuration using virutal host, securing headers with the setenv.add-response-header That's working wonderfully.

Now I installed a second one, with the exact same things, lighttd/php but I haven't got the same experience with this one. When doing a curl on the first one I optain this:

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
Link: "url here"
Date: Sat, 18 Feb 2017 17:22:00 GMT
Server: lighttpd/1.4.35

And on the second one this:

HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=94iogj5ncavdlgr8sckd9f4i12; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Link: "url here"
Date: Sat, 18 Feb 2017 17:20:05 GMT
Server: lighttpd/1.4.35

I would like to obtain the same thing on the two as I have the same configuration, here my lighttpd.conf file:

server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_rewrite",
"mod_accesslog",
"mod_setenv"
)

#server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80

#enable debugging
debug.log-request-header = "enable"
debug.log-response-header = "enable"
debug.log-request-handling = "enable"
debug.log-file-not-found = "enable"

index-file.names = ( "index.php", "index.html", "index.lighttpd.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

1. default listening port for IPv6 falls back to the IPv4 port
   include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
   include_shell "/usr/share/lighttpd/create-mime.assign.pl"
   include_shell "/usr/share/lighttpd/include-conf-enabled.pl"

accesslog.filename = "/var/log/lighttpd/access.log"

#server security
ssl.dh-file="/etc/ssl/private/dhparams.pem"

#adding all virtual host folder
include "virtualhost file here"

There the virtual host conf file only the part that is causing a problem:

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "certificate"
ssl.ca-file = "certificate"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "key here"
ssl.use-compression = "disable"

setenv.add-response-header = (
"Strict-Transport-Security" => "max-age=63072000; includeSubDomains; preload",
"X-Frame-Options" => "DENY",
"X-Content-Type-Options" => "nosniff"
)
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}

I'm completely lost as to why it's not working as it does on the first server, if you have any idea of why...