I moved my site to SSL a few years ago. I saw that our domain was now down to a C on Qualys's SSL test, so I did some updating yesterday, using advice from sites like this one, and I got it back up to an A+.

Today I tried to go to the admincp, and it wouldn't come up in any browser. I was very concerned that I had locked myself out for an extended period with HSTS, but it turned out to be the X-Frame security setting. Once commented out and httpd restarted, everything showed up fine. Figured I'd share here if I wasn't the first one to make the mistake.
  Header always set X-Frame-Options DENY  <--- THIS LINE BREAKS ADMINCP