I was reading about HTTP/HTTPS performance and found out that HTTPS adds a considerable overhead because of the encryption process. I was wondering: is it a good idea (and is it possible) to load non-sensitive content (such as public images, scripts, stylesheets and so on) via HTTP to avoid the additional overhead?
I read about this on the internet but couldn't find much. I tried to load an image on an HTTPS website from an HTTP server and found out the requested URL is HTTPS although I used http in the src. So is there a way to do it?
Most importantly, is this secure? Thanks.
DamiToma's questions
I would like to enhance the security of my server, so I'm following a guide regarding server security. I'm new to the subject, therefore there are many things I struggle to understand and there is much to change in the configuration files.
At the moment, I am trying to set cookies with the HttpOnly and Secure flags and unset the X-Powered-By header, so I added these directives to /etc/apache2/conf-enabled/security.conf:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header always unset X-Powered-By
In order to test the directives, I created a simple PHP file where I set a cookie and the header, but the cookie I receive is neither HttpOnly nor Secure; moreover, I'm still receiving the header.
There's a headers.load file inside the mods-enabled folder. I also checked whether mod_headers was enabled with apache2ctl -M, which returned (among others)
headers_module (shared)
I even tried to manually load the module with LoadModule, and the logs told me the module was already enabled, so I guess everything is fine on that side.
Please note that I have a virtual host configured as:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/site.org/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>
</IfModule>
On the basis of what I've read in the docs, it should inherit the server configuration where not specified otherwise; anyway, I tried placing those directives in the VirtualHost configuration and nothing worked.
I'm using Apache/2.4.29, and my configuration file is /etc/apache2/apache2.conf. I'm sure I'm making stupid mistakes, but as I said, I'm a novice!
Thanks a lot for your help.
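Added example (editor's code, not from the question or from Apache): the script below audits a constructed HTTP response the way one would inspect the output of curl -I, reporting every Set-Cookie that lacks HttpOnly or Secure and whether X-Powered-By is still present, then simulates what the two directives from the question produce once mod_headers actually applies them. The sample response, cookie names and the PHP version string are constructed.

```python
import re

# Constructed "before" response: cookies set by PHP without flags, X-Powered-By leaked.
RAW_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Set-Cookie: theme=dark; path=/; Secure\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
)


def parse_headers(raw):
    """Return (name, value) pairs from a raw response; repeated Set-Cookie lines are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(raw):
    """Report cookies missing HttpOnly/Secure and whether X-Powered-By is present."""
    missing = {}
    leaks_powered_by = False
    for name, value in parse_headers(raw):
        if name == "x-powered-by":
            leaks_powered_by = True
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = {a.strip().lower() for a in value.split(";")[1:]}
            absent = [f for f in ("HttpOnly", "Secure") if f.lower() not in attrs]
            if absent:
                missing[cookie_name] = absent
    return {"x_powered_by": leaks_powered_by, "cookies_missing_flags": missing}


def simulate_header_edit(raw):
    """Mimic 'Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure' and
    'Header always unset X-Powered-By' on the response's header block."""
    out = []
    for line in raw.split("\r\n"):
        name, sep, value = line.partition(":")
        if name.lower() == "x-powered-by":
            continue  # header dropped entirely
        if name.lower() == "set-cookie":
            value = re.sub(r"^(.*)$", r"\1;HttpOnly;Secure", value.strip())
            line = f"{name}: {value}"
        out.append(line)
    return "\r\n".join(out)
```

Note that the `^(.*)$` pattern appends the flags unconditionally, so a cookie that already carries Secure (the constructed `theme` cookie) ends up with it twice; the audit still passes, but a tighter pattern avoids the duplicate.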