Skip to main content
Version: 5.7.x.x Java 8 ELS

Secure defaults

Some filter and servlet parameters provide both a normal and a secure default value. If you use the secure default values, you enhance the security of your installation. This is, however, at the price of possibly breaking the backward compatibility with older, not up-to-date backends and browsers. The normal default values usually ensure backward compatibility, but your installation will be less secure. Therefore it is recommended to use the secure default values.

To enable the use of secure defaults, set the bc property ch.nevis.nevisproxy.UseSecureDefaults to true.

The system takes the secure default value in the following cases:

  • The parameter is not explicitly configured in the filter or servlet itself.
  • The parameter is not configured via a profile set in the filter or servlet.