Como Activar HSTS en Payara5

[Yonier Andrés Restrepo Rodríguez]

Buenos días,

Por favor su ayuda para que por favor me ayuden o me indiquen en donde puedo activar HSTS.

Ya que me llegó este aviso:

The remote web server is not enforcing HSTS, as defined by RFC 6797. HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.  

Muchas gracias

[Rudy De Busscher]

Hi,

You can set the Strict-Transport-Security header using a servlet or JAX-RS filter within your web application.  Or this can be done on the proxy server or web Server like Apache Web Server.

There is no built-in option within Payara to do this for the moment.

Best Regards

Rudy