Strict-Transport-Security
This is an additional security configuration when HTTPs is configured.
If enabled:
• Switching back to HTTP is not possible anymore. Once a supported browser receives this header that browser will prevent any communications from being sent over HTTP to the specified domain and will instead send all communications over HTTPS.
• Disable the HTTP connector
To enable Strict-Transport-Security, add the following valve to ... \Server\tomcat-*\conf\server.xml:
<Valve className="nl.planon.tomcat.AddHeaderValve" name="Strict-Transport-Security" value="max-age=31536000"/>
 |
For more details about this header see: https://www.owasp.org/index.php/HTTP_Strict_Transport_Security