Enable HTTP Strict Transport Security (HSTS) in JBoss EAP 7.x

February 22, 2022

To enable HSTS in JBoss from the jboss-cli.sh command line, execute the following:

/subsystem=undertow/configuration=filter/response-header=hsts-header:add(header-name="Strict-Transport-Security",header-value="max-age=31536000;")
/subsystem=undertow/server=default-server/host=default-host/filter-ref=hsts-header:add

The following curl command can be used to verify the response header is returned correctly:

❯ curl --insecure -i https://localhost:8443/myapp
HTTP/2 302 
strict-transport-security: max-age=31536000;
location: https://localhost:8443/myapp/
content-length: 0
date: Tue, 22 Feb 2022 08:25:27 GMT
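
To turn that manual check into a repeatable one, the following added example (not part of the original post) parses the response headers and fails when the Strict-Transport-Security header is missing or its max-age is too short. The function names and the six-month minimum are assumptions chosen for illustration; the sample responses are constructed from the output above.

```shell
#!/bin/sh
# Added example: validate the Strict-Transport-Security header in a raw
# HTTP response such as the output of `curl -si`. Function names and the
# default threshold are assumptions, not part of the original post.

# Print the max-age value (seconds) from response headers read on stdin.
# Prints nothing if the header or the max-age directive is missing.
hsts_max_age() {
    tr -d '\r' | awk '
        /^$/ { exit }                              # end of the header block
        tolower($0) ~ /^strict-transport-security:/ {
            sub(/^[^:]*:/, "")                     # drop the header name
            n = split($0, d, ";")                  # directives are ;-separated
            for (i = 1; i <= n; i++) {
                gsub(/[ \t"]/, "", d[i])           # trim spaces and quotes
                if (tolower(d[i]) ~ /^max-age=[0-9]+$/) {
                    sub(/^[^=]*=/, "", d[i]); print d[i]; exit
                }
            }
        }'
}

# Succeed only if HSTS is present and max-age is at least $1 seconds.
# Default 15768000 (about six months) is an assumed policy threshold.
check_hsts() {
    min=${1:-15768000}
    age=$(hsts_max_age)
    [ -n "$age" ] && [ "$age" -ge "$min" ]
}

# Constructed sample: the response shown in the post.
sample_ok='HTTP/2 302 
strict-transport-security: max-age=31536000;
location: https://localhost:8443/myapp/
content-length: 0
'
# Constructed sample: the same response without the filter applied.
sample_missing='HTTP/2 302 
location: https://localhost:8443/myapp/
'

printf '%s' "$sample_ok" | check_hsts && echo "HSTS ok"
printf '%s' "$sample_missing" | check_hsts || echo "HSTS missing or too short"
```

Against a live server, pipe the response in with `curl --insecure -si https://localhost:8443/myapp | check_hsts`. Browsers only record an HSTS policy received over a TLS connection without certificate errors, so a test against a self-signed certificate confirms the header is sent but not that browsers will enforce it.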
