Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Setting strict transport security header in header not working

Posted on 2016-10-05
1
Medium Priority
?
220 Views
Last Modified: 2016-10-14
Hi,
I am setting the following header in response of my spring web application :
         response.setHeader("Strict-Transport-Security","max-age=31536000");


I load my web application using https://localhost:4430/notes
4430 is the https port i have specified for my embedded jetty server...

I also see this header when my application page is loaded...
Now when i remove the s from this url i was expecting that it would auto hit https url But instead the url was aborted by the firefox browser :
All i see in the net panel is :
Screen-Shot-2016-10-05-at-7.06.50-PM.png
These are the response headers when the url is loaded with https://
Screen-Shot-2016-10-05-at-7.10.14-PM.pngWhat could be the reason for this ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 62

Accepted Solution

by:
gheist earned 2000 total points
ID: 41833068
HSTS work only with standard ports -i.e poison browser to redirect :80 to :443
It has no effect on other ports.
Dont you think it is better to use HSTS in web server? As part of maintaining it respective operator might want to disable SSL in future for example and to do so they have to cleat HSTS headers...
0

Featured Post

Understanding Web Applications

Without even knowing it, most of us are using web applications on a daily basis. Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We often confuse these web applications tools for websites.  So, what is the difference?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
While opting for any web-to-print solution, you need to discuss with your team and some of your end users and know their opinions about your decisions. In this article we list down some questions you need to ask yourself.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question