
Injecting secure headers into the HTTP response can mitigate most web security vulnerabilities.

Secure headers instruct the web browser to do or not to do certain things to prevent certain security attacks.

Tomcat 8 has added support for the following HTTP response headers.

I've tested with Apache Tomcat 8.5.15 on a Digital Ocean Linux (CentOS distro) server.

Note: If you are looking for overall hardening & security, then you may refer to this guide.

By uncommenting the above, you instruct Tomcat to support the HTTP Header Security filter.

By adding the above, you instruct Tomcat to inject the HTTP headers for all application URLs.

You may use an online tool to verify the headers or use F12 in a browser to inspect them.

Here is a quick filter reference taken from a web.xml file.
