Hst:responseheaders for security

Hi Guys,

Good morning, i am new to Hippo.
we got requirement for adding hst:response headers in HIPPO CMS, I tried adding in my local.
I went to console and navigated to hst:hst/localhost/hst:root and added resposeheaders for security resons XSS, sniffing, MITM.

the thing is if i hit localhost:8080/cms/ i don’t see those added headers in chrome developer tools.

could you please help our where i am going wrong.

thanks in Advance…

That confiuguration is for the site webapp only. For cms webapp, you could write your own filters to add your own headers

In cms/src/main/webapp/WEB-INF/web.xml you can add a filter (some class that implements javax.servlet.Filter). You may look at the existing filters for inspiration

thank you i will try…

Perhaps other filters are changing things as well. Maybe inspect headers at other filters and change the order of filters?

Perhaps you can share your code, if you are hitting system.out then there is probably something you are missing there.

I think it is the order of your filters, your code is fine. You should probably just place your filters first, but at least before the CMS/Wicket filter.