The PingFederate administrative console and runtime server are capable of returning custom HTTP response headers, such as HTTP Strict-Transport-Security (HSTS) to enforce HTTPS based access and P3P for Microsoft Internet Explorer interoperability.

  1. Edit the response-header-admin-config.xml file or the response-header-runtime-config.xml file (or both), located in the <pf_install>/pingfederate/server/default/data/config-store directory.
  2. Save your changes.
  3. Restart PingFederate.

    For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on the System > Cluster Management screen.


    For each engine node, restart PingFederate to load the changes made in the response-header-admin-config.xml or response-header-runtime-config.xml file (or both) after the configuration is replicated.