diff --git a/common/src/java/org/apache/hive/http/HttpServer.java b/common/src/java/org/apache/hive/http/HttpServer.java index 35ab7f8422..6e3c993472 100644 --- a/common/src/java/org/apache/hive/http/HttpServer.java +++ b/common/src/java/org/apache/hive/http/HttpServer.java @@ -119,6 +119,8 @@ "X-XSS-Protection:1; mode=block"; static final String X_CONTENT_TYPE_OPTIONS = "X-Content-Type-Options:nosniff"; + static final String STRICT_TRANSPORT_SECURITY = + "Strict-Transport-Security:max-age=31536000; includeSubDomains"; private static final String HTTP_HEADER_REGEX = "hadoop\\.http\\.header\\.([a-zA-Z\\-_]+)"; private static final Pattern PATTERN_HTTP_HEADER_REGEX = @@ -675,6 +677,8 @@ private void initializeWebServer(final Builder b, int queueSize) throws IOExcept splitVal = X_XSS_PROTECTION.split(":"); headers.put(HTTP_HEADER_PREFIX + splitVal[0], splitVal[1]); + splitVal = STRICT_TRANSPORT_SECURITY.split(":"); + headers.put(HTTP_HEADER_PREFIX + splitVal[0],splitVal[1]); return headers; }