Hi Nitin, Per se this can be done by enabling the org.apache.catalina.filters.HttpHeaderSecurityFilter in the global or your webappâs web.xml
For CSP you should write your own Filter. Beware though that Content Security Policy is nothing that can be enabled without application knowhow, the right settings for your needs and intensive testing. You may really break inline Javascript in your pages (css too). Please check out the great websites of Scott Helme on the Headers https://Securityheaders.io or https://scotthelme.co.uk/csp-cheat-sheet/ Peter > Am 19.02.2019 um 19:13 schrieb Nitin Kadam <nitinkadam1...@gmail.com>: > > Hello Team > > Need help to enable below security headers in Apache tomcat 7.0.79 > Operating system is windows 2012 R2 > > 1. Content security headers > 2. HSTS header > > Regards > Nitin