Enabling HSTS in Apache Tomcat
Issue
- Security Team is asking to enable a response header with the name
Strict-Transport-Security
and the valuemax-age=expireTime
, whereexpireTime
is the time in seconds is added as per the recommendation.
Environment
- Red Hat JBoss Web Server (JWS)
- 5.x
- Apache Tomcat
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.