java.lang.Object
- org.uberfire.ext.security.server.SecureHeadersConfig

```
public class SecureHeadersConfig
extends Object
```
HTTP headers related to security For example: HSTS and Clickjacking mitigation support
Note: This implementation has been borrowed from Aerogear Security.

Constructor Summary

Constructors
Constructor Description

SecureHeadersConfig(javax.servlet.FilterConfig config)

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`String`	`getFrameOptions()`	Allows a secure web page from host B to declare that its content (for example a button, links, text, etc.) must not be displayed in a frame ( or ) of another page (e.g.
`String`	`getLocation()`	Retrieve the Location header
`String`	`getMaxAge()`	Specifies the number of seconds, after the reception of the STS header field
`String`	`getXssOptions()`
`boolean`	`hasFrameOptions()`	Verify if "x-frame-options" is present
`boolean`	`hasLocation()`	Verify if the option "Location" is present
`boolean`	`hasMaxAge()`	Verify if the option "max-age" is present
`boolean`	`hasXSSOptions()`	Verify if "x-xss-protection" is present

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SecureHeadersConfig
```
public SecureHeadersConfig(javax.servlet.FilterConfig config)
```
- Method Detail
  - getMaxAge
```
public String getMaxAge()
```
    Specifies the number of seconds, after the reception of the STS header field
    
    Returns:
    
    max-age directive
    
    See Also:
    
    The max-age Directive
  - getLocation
```
public String getLocation()
```
    Retrieve the Location header
    
    Returns:
    
    Location header field value
    
    See Also:
    
    HTTP Request Type
  - getFrameOptions
```
public String getFrameOptions()
```
    Allows a secure web page from host B to declare that its content (for example a button, links, text, etc.) must not be displayed in a frame ( or ) of another page (e.g. from host A). In principle this is done by a policy declared in the HTTP header and enforced by conforming browser implementations</div> <dl> <dt><span class="returnLabel">Returns:</span></dt> <dd>X-Frame-Options HTTP header field</dd> <dt><span class="seeLabel">See Also:</span></dt> <dd><a href="https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-02#section-1"> X-Frame-Options</a></dd> </dl> </li> </ul> <a id="hasMaxAge()">  </a> <ul class="blockList"> <li class="blockList"> <h4>hasMaxAge</h4> <pre class="methodSignature">public boolean hasMaxAge()</pre> <div class="block">Verify if the option "max-age" is present</div> <dl> <dt><span class="returnLabel">Returns:</span></dt> <dd>boolean</dd> </dl> </li> </ul> <a id="hasLocation()">  </a> <ul class="blockList"> <li class="blockList"> <h4>hasLocation</h4> <pre class="methodSignature">public boolean hasLocation()</pre> <div class="block">Verify if the option "Location" is present</div> <dl> <dt><span class="returnLabel">Returns:</span></dt> <dd>boolean</dd> </dl> </li> </ul> <a id="hasFrameOptions()">  </a> <ul class="blockList"> <li class="blockList"> <h4>hasFrameOptions</h4> <pre class="methodSignature">public boolean hasFrameOptions()</pre> <div class="block">Verify if "x-frame-options" is present</div> <dl> <dt><span class="returnLabel">Returns:</span></dt> <dd>boolean</dd> </dl> </li> </ul> <a id="hasXSSOptions()">  </a> <ul class="blockList"> <li class="blockList"> <h4>hasXSSOptions</h4> <pre class="methodSignature">public boolean hasXSSOptions()</pre> <div class="block">Verify if "x-xss-protection" is present</div> <dl> <dt><span class="returnLabel">Returns:</span></dt> <dd>boolean</dd> </dl> </li> </ul> <a id="getXssOptions()">  </a> <ul class="blockListLast"> <li class="blockList"> <h4>getXssOptions</h4> <pre class="methodSignature">public <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> getXssOptions()</pre> </li> </ul> </li> </ul> </section> </li> </ul> </div> </div> </main>  <footer role="contentinfo"> <nav role="navigation">  <div class="bottomNav"><a id="navbar.bottom">  </a> <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> <a id="navbar.bottom.firstrow">  </a> <ul class="navList" title="Navigation"> <li><a href="../../../../../index.html">Overview</a></li> <li><a href="package-summary.html">Package</a></li> <li class="navBarCell1Rev">Class</li> <li><a href="class-use/SecureHeadersConfig.html">Use</a></li> <li><a href="package-tree.html">Tree</a></li> <li><a href="../../../../../deprecated-list.html">Deprecated</a></li> <li><a href="../../../../../index-all.html">Index</a></li> <li><a href="../../../../../help-doc.html">Help</a></li> </ul> <div class="aboutLanguage"><b>Uberfire Servlet Security 7.67.0.Final</b></div> </div> <div class="subNav"> <ul class="navList" id="allclasses_navbar_bottom"> <li><a href="../../../../../allclasses.html">All Classes</a></li> </ul> <div> <script type="text/javascript"> </script> <noscript> <div>JavaScript is disabled on your browser.</div> </noscript> </div> <div> <ul class="subNavList"> <li>Summary: </li> <li>Nested | </li> <li>Field | </li> <li><a href="#constructor.summary">Constr</a> | </li> <li><a href="#method.summary">Method</a></li> </ul> <ul class="subNavList"> <li>Detail: </li> <li>Field | </li> <li><a href="#constructor.detail">Constr</a> | </li> <li><a href="#method.detail">Method</a></li> </ul> </div> <a id="skip.navbar.bottom">  </a></div>  </nav> <p class="legalCopy"><small>Copyright © 2012–2022 <a href="http://www.jboss.org/">JBoss by Red Hat</a>. All rights reserved.</small></p> </footer> </body> </html>

Class SecureHeadersConfig

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SecureHeadersConfig

Method Detail

getMaxAge

getLocation

getFrameOptions