Does anybody know how to configure Jetty to pass a header for HSTS? That is no problem with Apache or so but in case of Jetty I tried a couple of tips without success. I guess it could be associated with handlers in jetty.xml file but I am not able to figure out the exact way.
Greetings from Prague, Honza Hejzl
P. S. For Apache:
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY