A penetration test has identified the following HSTS (HTTP Strict Transport Security) finding:
Set the Strict-Transport-Security header to: "max-age=31536000". If all subdomains require HTTPS, set the Strict-Transport-Security header to: "max-age=31536000; includeSubDomains".
DX NetOps Spectrum all currently supported releases
In order to enable HSTS, edit the $SPECROOT/tomcat/conf/web.xml file and change the following section from:
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
to
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <async-supported>true</async-supported>
</filter>
Save the file and restart the Spectrum Tomcat service. If the finding also calls for includeSubDomains, add a further init-param named hstsIncludeSubDomains with the value true next to hstsMaxAgeSeconds (a standard Tomcat HttpHeaderSecurityFilter parameter; it defaults to false). Note that HttpHeaderSecurityFilter only adds the Strict-Transport-Security header to requests Tomcat considers secure, so verify the change against the https:// OneClick URL rather than the http:// one.
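To confirm the change took effect after the restart, the following script checks the response headers the OneClick Tomcat returns. It is an added example, not part of the Broadcom article or of Spectrum itself; the URL is supplied by the caller, the 31536000 second minimum is the value from the finding above, and the header samples in the comments are constructed.

```shell
#!/bin/sh
# Added verification helper (not part of the Broadcom article or Spectrum):
# confirm that Tomcat now returns Strict-Transport-Security with a large
# enough max-age after editing $SPECROOT/tomcat/conf/web.xml.
#
# Usage: sh check_hsts.sh https://oneclick.example.com/spectrum/
# (hostname is a placeholder; use the real OneClick https:// URL)

REQUIRED_MAX_AGE=31536000   # one year, the value the finding asks for

# Read a raw HTTP response (status line plus headers) on stdin and print the
# max-age value, in seconds, from the first Strict-Transport-Security header.
# Prints nothing when the header is missing. Header names are case-insensitive,
# so everything is lower-cased first; CR from the CRLF line endings is dropped.
hsts_max_age() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        sed -n 's/^strict-transport-security:.*max-age=\([0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed (exit 0) only when the HSTS header is present on stdin and its
# max-age is at least REQUIRED_MAX_AGE. A header with max-age=0 (Tomcat's
# default when hstsMaxAgeSeconds is not set) fails this check.
check_hsts() {
    age=$(hsts_max_age)
    [ -n "$age" ] && [ "$age" -ge "$REQUIRED_MAX_AGE" ]
}

# Succeed when the HSTS header on stdin also carries includeSubDomains.
# Only required when the finding's second variant applies (every subdomain
# is served over HTTPS).
check_hsts_subdomains() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' |
        grep -q '^strict-transport-security:.*includesubdomains'
}

if [ -n "${1:-}" ]; then
    # HttpHeaderSecurityFilter only emits HSTS on requests it sees as secure,
    # so the URL must be https://. -k skips certificate validation so the
    # check works against a lab certificate; drop it once a trusted
    # certificate is installed. Headers are fetched once and tested twice.
    headers=$(curl -sSIk "$1")
    if printf '%s\n' "$headers" | check_hsts; then
        echo "OK: Strict-Transport-Security present with max-age >= $REQUIRED_MAX_AGE"
    else
        echo "FAIL: Strict-Transport-Security missing or max-age below $REQUIRED_MAX_AGE" >&2
        exit 1
    fi
    if printf '%s\n' "$headers" | check_hsts_subdomains; then
        echo "includeSubDomains is set"
    else
        echo "includeSubDomains is not set (acceptable unless all subdomains require HTTPS)"
    fi
fi
```

Run it against the OneClick https:// URL; a FAIL after the restart usually means the edit was made to a web.xml other than $SPECROOT/tomcat/conf/web.xml, Tomcat was not restarted, or the request did not reach Tomcat over TLS (for example through a plain-HTTP port), since the filter suppresses the header on non-secure requests.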