Solved

Setting strict transport security header in header not working

Posted on 2016-10-05
1
78 Views
Last Modified: 2016-10-14
Hi,
I am setting the following header in response of my spring web application :
         response.setHeader("Strict-Transport-Security","max-age=31536000");


I load my web application using https://localhost:4430/notes
4430 is the https port i have specified for my embedded jetty server...

I also see this header when my application page is loaded...
Now when i remove the s from this url i was expecting that it would auto hit https url But instead the url was aborted by the firefox browser :
All i see in the net panel is :
Screen-Shot-2016-10-05-at-7.06.50-PM.png
These are the response headers when the url is loaded with https://
Screen-Shot-2016-10-05-at-7.10.14-PM.pngWhat could be the reason for this ?

Thanks
0
Comment
Question by:Rohit Bajaj
1 Comment
 
LVL 61

Accepted Solution

by:
gheist earned 500 total points
ID: 41833068
HSTS work only with standard ports -i.e poison browser to redirect :80 to :443
It has no effect on other ports.
Dont you think it is better to use HSTS in web server? As part of maintaining it respective operator might want to disable SSL in future for example and to do so they have to cleat HSTS headers...
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
#Citrix #Internet Explorer #Enterprise Mode #IE 11 #IE 8
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
Wufoo.com provides powerful tools for surveying targeted groups, and utilizing data from completed surveys to find trends, discover areas of demand or customer expectation, and make business decisions on products or services.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now