Thanks to all who have responded (especially Mr. Schultz), and thanks in
advance to anybody else who responds. It will be a few more days before I can
act on the information. I'm not ignoring any of you; I'm gathering information
so I can solve the problem ASAP upon my return to work from my vac
We have a customer who is particularly concerned about security.
We just updated their Tomcat, which solved all the issues coming up in their
security scan, except for one involving the following HTTP headers:
X-FRAME-OPTIONS
X-XSS-PROTECTION
X-CONTENT-TYPE-OPTIONS
and strict transport security