Solved

Setting strict transport security header in header not working

Posted on 2016-10-05
1
98 Views
Last Modified: 2016-10-14
Hi,
I am setting the following header in response of my spring web application :
         response.setHeader("Strict-Transport-Security","max-age=31536000");


I load my web application using https://localhost:4430/notes
4430 is the https port i have specified for my embedded jetty server...

I also see this header when my application page is loaded...
Now when i remove the s from this url i was expecting that it would auto hit https url But instead the url was aborted by the firefox browser :
All i see in the net panel is :
Screen-Shot-2016-10-05-at-7.06.50-PM.png
These are the response headers when the url is loaded with https://
Screen-Shot-2016-10-05-at-7.10.14-PM.pngWhat could be the reason for this ?

Thanks
0
Comment
Question by:Rohit Bajaj
1 Comment
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 41833068
HSTS work only with standard ports -i.e poison browser to redirect :80 to :443
It has no effect on other ports.
Dont you think it is better to use HSTS in web server? As part of maintaining it respective operator might want to disable SSL in future for example and to do so they have to cleat HSTS headers...
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how to generate a csr to request an intermediate ca on os x 3 35
servlet  URL Rewriting 1 38
arguments to jar 5 26
Review of a VPN cert policy 4 28
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question