We have a customer who is particularly concerned about security.

We just updated their Tomcat, which solved all the issues coming up in their 
security scan, except for one involving the following HTTP headers:


and strict transport security.

The environment is Tomcat 7.0.93, JSSE, running on an AS/400.

Is this something to be fixed in a configuration file, or the webapp, or 
someplace else?

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to