On 08/02/2016 14:49, dku...@ccilindia.co.in wrote: > Hi, > > We are unable to fix the vulnerability of "HSTS missing from HTTPS server"
That is a not a security vulnerability. It is a configuration choice. > on apache tomcat 8.0.27 while running on unix operating system. Below is > the system configuration: > > OS Name: HP-UX > OS Version: B.11.31 > Architecture: IA64N > Java Home: /opt/java8/jre > JVM Version: 1.8.0.04-hp-ux-b2 > JVM Vendor: Hewlett-Packard Company > > We have uncommented the httpHeaderSecurity in the filter tag of > conf/web.xml file, Exactly what have you uncommented? Did you remember to uncomment the filter mapping as well as the filter definition? Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org