break
			}

			if !rule.Expiration.IsDaysNull() {
				// Specifying the Days tag will automatically perform ExpiredObjectDeleteMarker cleanup
				// once delete markers are old enough to satisfy the age criteria.
				// https://docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-configuration-examples.html
				if expectedExpiry := ExpectedExpiryTime(obj.ModTime, int(rule.Expiration.Days)); now.IsZero() || now.After(expectedExpiry) {

	// Verify signature.
	if !compareSignatureV4(req.Form.Get(xhttp.AmzSignature), newSignature) {
		return ErrSignatureDoesNotMatch
	}

	r.Header.Set("x-amz-signature-age", strconv.FormatInt(UTCNow().Sub(pSignValues.Date).Milliseconds(), 10))

	return ErrNone
}

// doesSignatureMatch - Verify authorization header with calculated header in accordance with

		header.Set("X-Content-Type-Options", "nosniff")                                // Prevent mime-sniff
		header.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains") // HSTS mitigates variants of MITM attacks

		// Previously, this value was set right before a response was sent to
		// the client. So, logger and Error response XML were not using this

  },
  "responseHeader": {
    "Accept-Ranges": "bytes",
    "Content-Length": "0",
    "ETag": "4939450d1beec11e10a91ee7700bb593",
    "Server": "MinIO",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Vary": "Origin,Accept-Encoding",
    "X-Amz-Request-Id": "16ABE7A785E7AC2C",
    "X-Amz-Server-Side-Encryption": "aws:kms",