Enabling HSTS in Apache Tomcat

Solution Verified - Updated -

Issue

  • Security Team is asking to enable a response header with the name Strict-Transport-Security and the value max-age=expireTime, where expireTime is the time in seconds is added as per the recommendation.

Environment

  • Red Hat JBoss Web Server (JWS)
    • 5.x
  • Apache Tomcat

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content