[rsp-header-names] stanza

Defines static HTTP headers that will be added to every HTTP response from the WebSEAL server.

With this stanza, an administrator can insert some standard security headers into the response, such as strict-transport-security, content-security-policy, and x-frame-options.

Note: The headers that are defined in this stanza will replace any matching headers that might have been added to the response by a junctioned application.

If multiple headers of the same name are specified in this stanza, all but the last of the matching entries will be ignored.

The format of each entry in this stanza is:
<header-name> = <header-value>
For example:
strict-transport-security = max-age=31536000; includeSubDomains

A special <header-value> of '%SESSION_EXPIRY%' can be used to designate a header that will contain the remaining length of time, in seconds, before the current local session expires. This value reflects only the length of time before the session expires in the local cache; it does not include the overall session timeout for sessions that are managed by the distributed session cache (DSC).

For example:
session-timeout = %SESSION_EXPIRY%
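
Because all but the last entry of a given name are ignored, a duplicated header name silently discards the earlier value. The following Python script is an added example, not IBM code: it audits a constructed configuration fragment for ignored duplicates, for headers from the list above that are not set, and for use of %SESSION_EXPIRY%. The `#` comment syntax, the case-insensitive comparison of header names, and the function names are assumptions of this example.

```python
# Added example (not IBM code): audit a [rsp-header-names] stanza.
SAMPLE_CONF = """\
[other-stanza]
example-key = 1

[rsp-header-names]
# constructed sample entries
strict-transport-security = max-age=300
x-frame-options = DENY
session-timeout = %SESSION_EXPIRY%
strict-transport-security = max-age=31536000; includeSubDomains
"""

# Headers the page names as typical uses of this stanza.
EXPECTED = ("strict-transport-security", "content-security-policy", "x-frame-options")

def parse_stanza(text, stanza="rsp-header-names"):
    """Return (effective, shadowed); the last entry for each name wins."""
    effective, shadowed, inside = {}, [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        if line.startswith("[") and line.endswith("]"):
            inside = line[1:-1].strip() == stanza
            continue
        if not inside or "=" not in line:
            continue
        # Split on the first '=' only: values such as max-age=31536000 contain '='.
        name, value = (part.strip() for part in line.split("=", 1))
        key = name.lower()  # assumption: names are compared case-insensitively
        if key in effective:
            shadowed.append((key, effective[key][1], effective[key][0]))
        effective[key] = (value, lineno)
    return {k: v for k, (v, _) in effective.items()}, shadowed

def audit(text):
    """Return (effective headers, list of human-readable findings)."""
    effective, shadowed = parse_stanza(text)
    findings = [f"line {ln}: '{k} = {v}' is ignored (a later entry wins)" for k, ln, v in shadowed]
    findings += [f"'{h}' is not set in the stanza" for h in EXPECTED if h not in effective]
    findings += [f"'{k}' reports the remaining local session lifetime"
                 for k, v in effective.items() if v == "%SESSION_EXPIRY%"]
    return effective, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF)[1]:
        print(finding)
```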