I've recently been asked to look into the HSTS parameters in the
httpHeaderSecurity filter. To date, I've only used the anti-clickjacking
parameters, and had no idea what HSTS even *is.*
As it stands, our Tomcat installations, at least those directly exposed
to the outside, are all set up as HTTPS-only, with no active listener
*at all* on 80 or 8080.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
