[rsp-header-names] stanza
Defines static HTTP headers that will be added to every HTTP response from the WebSEAL server.
With this stanza, an administrator can insert some standard security headers into the response, such as strict-transport-security, content-security-policy, and x-frame-options.
If multiple headers of the same name are specified in this stanza, all but the last of the matching entries will be ignored.
<header-name> = <header-value>
strict-transport-security = max-age=31536000; includeSubDomains
A special <header-value> of '%SESSION_EXPIRY%' can be used to designate a header that will contain the remaining length of time, in seconds, before the current local session expires. This value does not include the overall session timeout for sessions that are managed by the distributed session cache (DSC), but just the length of time before the session expires in the local cache.
session-timeout = %SESSION_EXPIRY%