AnsweredAssumed Answered

Please help configure Strict-Transport Security Header in Tomcat

Question asked by Edenson James on Sep 17, 2018
Latest reply on Sep 18, 2018 by Shyam Raj

Does anybody know how to configure HTTP Strict-Transport Security Header in Tomcat - Linux / Red Hat?

I used this format and when trying to do a curl the header doesn't show up:

<filter>  <filter-name>httpHeaderSecurity</filter-name>  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>  <init-param>   <param-name>hstsEnabled</param-name>   <param-value>true</param-value>  </init-param>   <init-param>   <param-name>maxAgeSeconds</param-name>   <param-value>31536000</param-value>  </init-param>  <init-param>   <param-name>includeSubDomains</param-name>   <param-value>true</param-value>  </init-param>  <async-supported>true</async-supported> </filter>  <filter-mapping> <filter-name>httpHeaderSecurity</filter-name> <url-pattern>/*</url-pattern> <url-pattern>*</url-pattern> <dispatcher>REQUEST</dispatcher> </filter-mapping>

Any assistance is greatly appreciated. Thank you very much (Edenson)

Outcomes