If the technology is java/j2ee then you can implements some sort of servlet filter where you can manipulate the HTTP response to add these headers for each outgoing response. I believe other platforms like .Net should also support similar feature to customize the request and response objects.
On Mon, May 29, 2017 at 12:28 PM, Shaik, Mohammad N. < mohammad.n.sh...@accenture.com> wrote: > Hello, > > Can someone please let me know if the following headers are compatible > with Tomcat 6.x version? If yes, then how do we enable them? > > Headers: > 1) Strict-Transport-Security > 2) Content-Security-Policy > 3) Public-Key-Pins > 4) X-Frame-Options > 5) X-XSS-Protection > 6) X-Content-Type-Options > 7) X-Robots-Tag > > > Kind Regards, > Mohammad Nayeem > > ________________________________ > > This message is for the designated recipient only and may contain > privileged, proprietary, or otherwise confidential information. If you have > received it in error, please notify the sender immediately and delete the > original. Any other use of the e-mail by you is prohibited. Where allowed > by local law, electronic communications with Accenture and its affiliates, > including e-mail and instant messaging (including content), may be scanned > by our systems for the purposes of information security and assessment of > internal compliance with Accenture policy. > ____________________________________________________________ > __________________________ > > www.accenture.com >