httpHeaderSecurity org.apache.catalina.filters.HttpHeaderSecurityFilter hstsMaxAgeSeconds 31536000 antiClickJackingEnabled false hstsIncludeSubDomains true true httpHeaderSecurity /*