List of usage examples for com.google.common.net HttpHeaders STRICT_TRANSPORT_SECURITY
String STRICT_TRANSPORT_SECURITY
From source file:keywhiz.service.filters.SecurityHeadersFilter.java
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
    throws IOException, ServletException {
  // Only HTTP responses carry headers; any other ServletResponse passes through untouched.
  if (response instanceof HttpServletResponse) {
    writeSecurityHeaders((HttpServletResponse) response);
  }
  chain.doFilter(request, response);
}

/**
 * Adds the fixed set of browser hardening headers to {@code http}.
 *
 * <p>Headers are emitted in the same order the filter has always used; every value is a
 * constant except the HSTS {@code max-age}, which is taken from {@code YEAR_OF_SECONDS}.
 *
 * @param http the HTTP response to decorate
 */
private void writeSecurityHeaders(HttpServletResponse http) {
  // Vendor-prefixed, pre-standard CSP header name. NOTE(review): current browsers only
  // honour the unprefixed Content-Security-Policy (HttpHeaders.CONTENT_SECURITY_POLICY in
  // Guava); confirm whether this prefixed header still delivers the intended XSS defence.
  http.addHeader("X-Content-Security-Policy", "default-src 'self'");
  // "0" turns the browser's legacy XSS filter off; the intent is to rely on CSP instead.
  http.addHeader(HttpHeaders.X_XSS_PROTECTION, "0");
  // Forbid content-type sniffing so the declared MIME type is the one that is used.
  http.addHeader(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff");
  // Clickjacking defence: the non-standard "Frame-Options" spelling is kept for the clients
  // that read it, followed by the widely supported X-Frame-Options.
  http.addHeader("Frame-Options", "DENY");
  http.addHeader(HttpHeaders.X_FRAME_OPTIONS, "DENY");
  // HSTS: clients stick to HTTPS for YEAR_OF_SECONDS seconds (presumably one year), and the
  // directive also covers subdomains.
  http.addHeader(HttpHeaders.STRICT_TRANSPORT_SECURITY,
      String.format("max-age=%d; includeSubDomains", YEAR_OF_SECONDS));
}