Adding custom HTTP response headers
The PingFederate administrative console and runtime server are capable of returning custom HTTP response headers, such as HTTP Strict-Transport-Security (HSTS), to enforce HTTPS-based access and P3P.
Steps
-
Edit the
response-header-admin-config.xml
file or theresponse-header-runtime-config.xml
file, or both, located in the<pf_install>/pingfederate/server/default/data/config-store
directory. -
Save your changes.
-
Restart PingFederate.
For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on System → Server → Cluster Management.