Solved

Setting strict transport security header in header not working

Posted on 2016-10-05
1
110 Views
Last Modified: 2016-10-14
Hi,
I am setting the following header in response of my spring web application :
         response.setHeader("Strict-Transport-Security","max-age=31536000");


I load my web application using https://localhost:4430/notes
4430 is the https port i have specified for my embedded jetty server...

I also see this header when my application page is loaded...
Now when i remove the s from this url i was expecting that it would auto hit https url But instead the url was aborted by the firefox browser :
All i see in the net panel is :
Screen-Shot-2016-10-05-at-7.06.50-PM.png
These are the response headers when the url is loaded with https://
Screen-Shot-2016-10-05-at-7.10.14-PM.pngWhat could be the reason for this ?

Thanks
0
Comment
Question by:Rohit Bajaj
1 Comment
 
LVL 62

Accepted Solution

by:
gheist earned 500 total points
ID: 41833068
HSTS work only with standard ports -i.e poison browser to redirect :80 to :443
It has no effect on other ports.
Dont you think it is better to use HSTS in web server? As part of maintaining it respective operator might want to disable SSL in future for example and to do so they have to cleat HSTS headers...
0

Featured Post

MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you come here a lot? Are you lazy like me and don't want to go through the "trouble" of having to click your Dock's Safari icon and then having to click your Experts Exchange Favorites bookmark to get here? Well then this article is for you.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
This video teaches viewers how to create their own website using cPanel and Wordpress. Tutorial walks users through how to set up their own domain name from tools like Domain Registrar, Hosting Account, and Wordpress. More specifically, the order in…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question