Hi Arno, Thanks for your reply. I appreciate that it’s a client side issue and apache is just compensating for this so the efforts are fully appreciated especially with free software. It’s just unfortunate that the PCI compliance companies are treating it as a requirement that the servers should compensate for it. Out of interest, you said it is already backported? I’m using squeeze-backports but it hasn’t appeared as an update? Am I doing something wrong here? James Greig |