Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Headers in Tomcat

Tags:

security

apache

header

tomcat

I want to set two headers at Tomcat level. Setting these on Apache level will affect my applications. Below two headers 

Set-Cookie HttpOnly;
Secure Strict-Transport-Security: max-age=31536000; includeSubDomains
like image 293
Arora20 Avatar asked Oct 27 '25 04:10

Arora20

1 Answers

You can use the HTTP Header Security Filter like this :

<filter>
  <filter-name>HTTP Header Security Filter</filter-name>
  <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
  <init-param>
    <param-name>hstsMaxAgeSeconds</param-name>
    <param-value>31536000</param-value>
  </init-param>
  <init-param>
    <param-name>hstsIncludeSubDomains</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>HTTP Header Security Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

For details read the documentation.

like image 73
Ortomala Lokni Avatar answered Oct 30 '25 08:10

Ortomala Lokni
Sign in to Comment

Related questions

How to disable the Content-Length response header with Apache?
set_time_limit() has been disabled for security reasons
Cannot get any archetypes from Maven when using the remote catalog URL
Wordpress permalink not working on aws
How to fix the openssl issue "tls_process_ske_dhe:dh key too small" without reducing security
Apache Access Control to IPs (X-Forwarded-For) or valid-user
hashtag in apache .htaccess
Comfiguring Apache for socket.io and SSL / WSS
Dynamic domain htaccess redirection
Proxy timeout with ReWriteRule

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!