<div>
<div class="content wysiwyg-content">
Hi, 
I am setting the following header in response of my spring web application : 
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;response.setHeader(&quot;Strict-Transport-Security&quot;,&quot;max-age=31536000&quot;); 
 
 
I load my web application using <a href="https://localhost:4430/notes" rel="ugc">https://localhost:4430/notes</a> 
4430 is the https port i have specified for my embedded jetty server... 
 
I also see this header when my application page is loaded... 
Now when i remove the s from this url i was expecting that it would auto hit https url But instead the url was aborted by the firefox browser : 
All i see in the net panel is : 
<a href="https://filedb.experts-exchange.com/incoming/2016/10_w41/1120615/Screen-Shot-2016-10-05-at-7.06.50-PM.png" target="_blank" title="Screen-Shot-2016-10-05-at-7.06.50-PM.png (41 KB)"><img alt="Screen-Shot-2016-10-05-at-7.06.50-PM.png" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/10_w41/800_1120615/Screen-Shot-2016-10-05-at-7.06.50-PM.png" /></a> 
These are the response headers when the url is loaded with <a href="https://" rel="ugc nofollow">https://</a> 
<a href="https://filedb.experts-exchange.com/incoming/2016/10_w41/1120617/Screen-Shot-2016-10-05-at-7.10.14-PM.png" target="_blank" title="Screen-Shot-2016-10-05-at-7.10.14-PM.png (116 KB)"><img alt="Screen-Shot-2016-10-05-at-7.10.14-PM.png" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2016/10_w41/800_1120617/Screen-Shot-2016-10-05-at-7.10.14-PM.png" /></a>What could be the reason for this ? 
 
Thanks
</div>
</div>

Screen-Shot-2016-10-05-at-7.06.50-PM.png

Screen-Shot-2016-10-05-at-7.10.14-PM.png

Hi,
I am setting the following header in response of my spring web application :
         response.setHeader("Strict-Transport-Security","max-age=31536000");


I load my web application using https://localhost:4430/notes
4430 is the https port i have specified for my embedded jetty server...

I also see this header when my application page is loaded...
Now when i remove the s from this url i was expecting that it would auto hit https url But instead the url was aborted by the firefox browser : 
All i see in the net panel is : 


These are the response headers when the url is loaded with https://

What could be the reason for this ?

Thanks

Setting strict transport security header in header not working

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

HTTP Protocol

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Web browsers are applications used primarily to display documents, files and media from the Internet, identified by a Uniform Resource Identifier (URI) that can be a page, image, video or other file. Some browsers require the use of add-ons or extensions to safely render the information they receive; others have systems built into them to perform the same functions.

Web Browsers

Web applications are systems that run in browsers that perform functions normally associated with other client-based programs. One of the most commonly used web applications is email; instead of downloading individual emails to a local machine, the data is shown through a website. Other examples of web applications are collaborative systems like a wiki or an online game.

Web Applications

Java Enterprise Edition (Java EE) is a specification defining a collection of Java-based server and client technologies and how they interoperate. Java EE specifies server and client architectures and uses profiles to define technology sets targeted at specific classes of applications. All Java EE profiles share a set of common features, such as naming and resource injection, packaging rules and security requirements.