/opt/novell/nam/mag/webapps/nesp/WEB-INF/
<context-param>
<param-name>phishingCheck</param-name>
<param-value>standard</param-value>
</context-param><welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list>
<error-page>
<error-code>500</error-code>
<location>/index.html</location>
</error-page>
<filter>
<filter-name>TomcatSameOriginFilter</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter
</filter-class>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>TomcatSameOriginFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
SSLProtocol TLSv1.1 +TLSv1.2
SSLCipherSuite !aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:ALL:!EDH
/etc/opt/novell/apache2/conf
The mod_headers library is enabled.
LoadModule headers_module libexec/mod_headers.so
/etc/opt/novell/apache2/conf
The header set directive for the HSTS header is added at the bottom of the file:Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"