Enabling HSTS in Apache Tomcat

Solution Verified - Updated -


  • Security Team is asking to enable a response header with the name Strict-Transport-Security and the value max-age=expireTime, where expireTime is the time in seconds is added as per the recommendation.


  • Red Hat JBoss Web Server (JWS)
    • 5.x
  • Apache Tomcat

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In