java.lang.Object
- org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec

Enclosing class:

ServerHttpSecurity
```
public final class ServerHttpSecurity.HeaderSpec
extends java.lang.Object
```
Configures HTTP Response Headers.

Since:

5.0

See Also:

ServerHttpSecurity.headers()

Nested Class Summary

Nested Classes
Modifier and Type	Class	Description
`class`	`ServerHttpSecurity.HeaderSpec.CacheSpec`	Configures cache control headers
`class`	`ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec`	Configures `Content-Security-Policy` response header.
`class`	`ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec`	The content type headers
`class`	`ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec`	Configures the Cross-Origin-Embedder-Policy header
`class`	`ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec`	Configures the Cross-Origin-Opener-Policy header
`class`	`ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec`	Configures the Cross-Origin-Resource-Policy header
`class`	`ServerHttpSecurity.HeaderSpec.FeaturePolicySpec`	Configures `Feature-Policy` response header.
`class`	`ServerHttpSecurity.HeaderSpec.FrameOptionsSpec`	Configures frame options response header
`class`	`ServerHttpSecurity.HeaderSpec.HstsSpec`	Configures Strict Transport Security response header
`class`	`ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec`	Configures `Permissions-Policy` response header.
`class`	`ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec`	Configures `Referrer-Policy` response header.
`class`	`ServerHttpSecurity.HeaderSpec.XssProtectionSpec`	Configures x-xss-protection response header

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method	Description
`ServerHttpSecurity`	`and()`	Allows method chaining to continue configuring the `ServerHttpSecurity`
`ServerHttpSecurity.HeaderSpec.CacheSpec`	`cache()`	Configures cache control headers
`ServerHttpSecurity.HeaderSpec`	`cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer)`	Configures cache control headers
`protected void`	`configure(ServerHttpSecurity http)`
`ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec`	`contentSecurityPolicy(java.lang.String policyDirectives)`	Configures `Content-Security-Policy` response header.
`ServerHttpSecurity.HeaderSpec`	`contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer)`	Configures `Content-Security-Policy` response header.
`ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec`	`contentTypeOptions()`	Configures content type response headers
`ServerHttpSecurity.HeaderSpec`	`contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer)`	Configures content type response headers
`ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec`	`crossOriginEmbedderPolicy()`	Configures the Cross-Origin-Embedder-Policy header.
`ServerHttpSecurity.HeaderSpec`	`crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec> crossOriginEmbedderPolicyCustomizer)`	Configures the Cross-Origin-Embedder-Policy header.
`ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec`	`crossOriginOpenerPolicy()`	Configures the Cross-Origin-Opener-Policy header.
`ServerHttpSecurity.HeaderSpec`	`crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec> crossOriginOpenerPolicyCustomizer)`	Configures the Cross-Origin-Opener-Policy header.
`ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec`	`crossOriginResourcePolicy()`	Configures the Cross-Origin-Resource-Policy header.
`ServerHttpSecurity.HeaderSpec`	`crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec> crossOriginResourcePolicyCustomizer)`	Configures the Cross-Origin-Resource-Policy header.
`ServerHttpSecurity`	`disable()`	Disables http response headers
`ServerHttpSecurity.HeaderSpec.FeaturePolicySpec`	`featurePolicy(java.lang.String policyDirectives)`	Deprecated. Use `permissionsPolicy(Customizer)` instead.
`ServerHttpSecurity.HeaderSpec.FrameOptionsSpec`	`frameOptions()`	Configures frame options response headers
`ServerHttpSecurity.HeaderSpec`	`frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer)`	Configures frame options response headers
`ServerHttpSecurity.HeaderSpec.HstsSpec`	`hsts()`	Configures the Strict Transport Security response headers
`ServerHttpSecurity.HeaderSpec`	`hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer)`	Configures the Strict Transport Security response headers
`ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec`	`permissionsPolicy()`	Configures `Permissions-Policy` response header.
`ServerHttpSecurity.HeaderSpec`	`permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer)`	Configures `Permissions-Policy` response header.
`ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec`	`referrerPolicy()`	Configures `Referrer-Policy` response header.
`ServerHttpSecurity.HeaderSpec`	`referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer)`	Configures `Referrer-Policy` response header.
`ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec`	`referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy referrerPolicy)`	Configures `Referrer-Policy` response header.
`ServerHttpSecurity.HeaderSpec`	`writer(ServerHttpHeadersWriter serverHttpHeadersWriter)`	Configures custom headers writer
`ServerHttpSecurity.HeaderSpec.XssProtectionSpec`	`xssProtection()`	Configures x-xss-protection response header.
`ServerHttpSecurity.HeaderSpec`	`xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer)`	Configures x-xss-protection response header.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - and
```
public ServerHttpSecurity and()
```
    Allows method chaining to continue configuring the ServerHttpSecurity
    
    Returns:
    
    the ServerHttpSecurity to continue configuring
  - disable
```
public ServerHttpSecurity disable()
```
    Disables http response headers
    
    Returns:
    
    the ServerHttpSecurity to continue configuring
  - cache
```
public ServerHttpSecurity.HeaderSpec.CacheSpec cache()
```
    Configures cache control headers
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.CacheSpec to configure
  - cache
```
public ServerHttpSecurity.HeaderSpec cache(Customizer<ServerHttpSecurity.HeaderSpec.CacheSpec> cacheCustomizer)
```
    Configures cache control headers
    
    Parameters:
    
    cacheCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.CacheSpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - contentTypeOptions
```
public ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec contentTypeOptions()
```
    Configures content type response headers
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec to configure
  - contentTypeOptions
```
public ServerHttpSecurity.HeaderSpec contentTypeOptions(Customizer<ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec> contentTypeOptionsCustomizer)
```
    Configures content type response headers
    
    Parameters:
    
    contentTypeOptionsCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - frameOptions
```
public ServerHttpSecurity.HeaderSpec.FrameOptionsSpec frameOptions()
```
    Configures frame options response headers
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.FrameOptionsSpec to configure
  - frameOptions
```
public ServerHttpSecurity.HeaderSpec frameOptions(Customizer<ServerHttpSecurity.HeaderSpec.FrameOptionsSpec> frameOptionsCustomizer)
```
    Configures frame options response headers
    
    Parameters:
    
    frameOptionsCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.FrameOptionsSpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - writer
```
public ServerHttpSecurity.HeaderSpec writer(ServerHttpHeadersWriter serverHttpHeadersWriter)
```
    Configures custom headers writer
    
    Parameters:
    
    serverHttpHeadersWriter - the ServerHttpHeadersWriter to provide custom headers writer
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
    
    Since:
    
    5.3.0
  - hsts
```
public ServerHttpSecurity.HeaderSpec.HstsSpec hsts()
```
    Configures the Strict Transport Security response headers
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.HstsSpec to configure
  - hsts
```
public ServerHttpSecurity.HeaderSpec hsts(Customizer<ServerHttpSecurity.HeaderSpec.HstsSpec> hstsCustomizer)
```
    Configures the Strict Transport Security response headers
    
    Parameters:
    
    hstsCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.HstsSpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - configure
```
protected void configure(ServerHttpSecurity http)
```
  - xssProtection
```
public ServerHttpSecurity.HeaderSpec.XssProtectionSpec xssProtection()
```
    Configures x-xss-protection response header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.XssProtectionSpec to configure
  - xssProtection
```
public ServerHttpSecurity.HeaderSpec xssProtection(Customizer<ServerHttpSecurity.HeaderSpec.XssProtectionSpec> xssProtectionCustomizer)
```
    Configures x-xss-protection response header.
    
    Parameters:
    
    xssProtectionCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.XssProtectionSpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - contentSecurityPolicy
```
public ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec contentSecurityPolicy(java.lang.String policyDirectives)
```
    Configures Content-Security-Policy response header.
    
    Parameters:
    
    policyDirectives - the policy directive(s)
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec to configure
  - contentSecurityPolicy
```
public ServerHttpSecurity.HeaderSpec contentSecurityPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec> contentSecurityPolicyCustomizer)
```
    Configures Content-Security-Policy response header.
    
    Parameters:
    
    contentSecurityPolicyCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - featurePolicy
```
@Deprecated
public ServerHttpSecurity.HeaderSpec.FeaturePolicySpec featurePolicy(java.lang.String policyDirectives)
```
    Deprecated.
    Use permissionsPolicy(Customizer) instead.
    
    Configures Feature-Policy response header.
    
    Parameters:
    
    policyDirectives - the policy
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.FeaturePolicySpec to configure
  - permissionsPolicy
```
public ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec permissionsPolicy()
```
    Configures Permissions-Policy response header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec to configure
  - permissionsPolicy
```
public ServerHttpSecurity.HeaderSpec permissionsPolicy(Customizer<ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec> permissionsPolicyCustomizer)
```
    Configures Permissions-Policy response header.
    
    Parameters:
    
    permissionsPolicyCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - referrerPolicy
```
public ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy referrerPolicy)
```
    Configures Referrer-Policy response header.
    
    Parameters:
    
    referrerPolicy - the policy to use
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec to configure
  - referrerPolicy
```
public ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec referrerPolicy()
```
    Configures Referrer-Policy response header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec to configure
  - referrerPolicy
```
public ServerHttpSecurity.HeaderSpec referrerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec> referrerPolicyCustomizer)
```
    Configures Referrer-Policy response header.
    
    Parameters:
    
    referrerPolicyCustomizer - the Customizer to provide more options for the ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
  - crossOriginOpenerPolicy
```
public ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec crossOriginOpenerPolicy()
```
    Configures the Cross-Origin-Opener-Policy header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec to configure
    
    Since:
    
    5.7
    
    See Also:
    
    CrossOriginOpenerPolicyServerHttpHeadersWriter
  - crossOriginOpenerPolicy
```
public ServerHttpSecurity.HeaderSpec crossOriginOpenerPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec> crossOriginOpenerPolicyCustomizer)
```
    Configures the Cross-Origin-Opener-Policy header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
    
    Since:
    
    5.7
    
    See Also:
    
    CrossOriginOpenerPolicyServerHttpHeadersWriter
  - crossOriginEmbedderPolicy
```
public ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec crossOriginEmbedderPolicy()
```
    Configures the Cross-Origin-Embedder-Policy header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec to configure
    
    Since:
    
    5.7
    
    See Also:
    
    CrossOriginEmbedderPolicyServerHttpHeadersWriter
  - crossOriginEmbedderPolicy
```
public ServerHttpSecurity.HeaderSpec crossOriginEmbedderPolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec> crossOriginEmbedderPolicyCustomizer)
```
    Configures the Cross-Origin-Embedder-Policy header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
    
    Since:
    
    5.7
    
    See Also:
    
    CrossOriginEmbedderPolicyServerHttpHeadersWriter
  - crossOriginResourcePolicy
```
public ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec crossOriginResourcePolicy()
```
    Configures the Cross-Origin-Resource-Policy header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec to configure
    
    Since:
    
    5.7
    
    See Also:
    
    CrossOriginResourcePolicyServerHttpHeadersWriter
  - crossOriginResourcePolicy
```
public ServerHttpSecurity.HeaderSpec crossOriginResourcePolicy(Customizer<ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec> crossOriginResourcePolicyCustomizer)
```
    Configures the Cross-Origin-Resource-Policy header.
    
    Returns:
    
    the ServerHttpSecurity.HeaderSpec to customize
    
    Since:
    
    5.7
    
    See Also:
    
    CrossOriginResourcePolicyServerHttpHeadersWriter

Class ServerHttpSecurity.HeaderSpec

Nested Class Summary

Method Summary

Methods inherited from class java.lang.Object

Method Detail

and

disable

cache

cache

contentTypeOptions

contentTypeOptions

frameOptions

frameOptions

writer

hsts

hsts

configure

xssProtection

xssProtection

contentSecurityPolicy

contentSecurityPolicy

featurePolicy

permissionsPolicy

permissionsPolicy

referrerPolicy

referrerPolicy

referrerPolicy

crossOriginOpenerPolicy

crossOriginOpenerPolicy

crossOriginEmbedderPolicy

crossOriginEmbedderPolicy

crossOriginResourcePolicy

crossOriginResourcePolicy