The PingFederate administrative console and runtime server are capable of returning custom HTTP response headers, such as HTTP Strict-Transport-Security (HSTS), to enforce HTTPS-based access and P3P.
- Edit the response-header-admin-config.xml file or the response-header-runtime-config.xml file, or both, located in the <pf_install>/pingfederate/server/default/data/config-store directory.
- Save your changes.
For a clustered PingFederate environment, perform these steps on the console node, and then click Replicate Configuration on . You do not have to restart PingFederate on any running engine node.