subject:"Re\: Security concern about Tomcat's default value for HSTS MaxAge"

Re: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-26 Thread Mark Thomas

On 26/08/2020 08:20, Martin Grigorov wrote: > Hi, > > On Tue, Aug 25, 2020 at 9:05 PM Dave Wichers > wrote: > > Per: > > https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Header_Security_Filter > and > https://tomcat.apache.org/tomcat-

Re: Security concern about Tomcat's default value for HSTS MaxAge

2020-08-26 Thread Martin Grigorov

Hi, On Tue, Aug 25, 2020 at 9:05 PM Dave Wichers wrote: > Per: > https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#HTTP_Header_Security_Filter > and > https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#HTTP_Header_Security_Filter > > they both say: > > hstsMaxAgeSeconds - The