Configuring HSTS for Spark

You can configure Apache Spark to send HTTP response headers that help prevent Cross-Site Scripting (XSS), Cross-Frame Scripting (XFS), and MIME sniffing, and that enforce HTTP Strict Transport Security (HSTS).

  1. Go to the Spark service.
  2. Click the Configuration tab.
  3. Select History Server under Scope.
  4. Select Advanced under Category.
  5. Set the following HSTS property in History Server Advanced Configuration Snippet (Safety Valve) for spark-conf/spark-history-server.conf.
    spark.ui.strictTransportSecurity=max-age=31536000;includeSubDomains
  6. Restart the Spark service.
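
To confirm the setting took effect after the restart, the check below parses a Strict-Transport-Security response header and compares it with the value configured in step 5. It is an added example, not part of the original procedure or of Spark; the function names, the sample headers, and the URL passed to `fetch_headers` are assumptions. Spark documents this option as used only when SSL/TLS is enabled for the UI, so a missing header usually points there.

```python
import ssl
import urllib.request

EXPECTED_MAX_AGE = 31536000  # max-age from the value configured on this page

def parse_hsts(value):
    """Parse an HSTS header value into {directive: value or None} (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if not name:
            continue  # tolerate empty segments such as a trailing ';'
        if name in directives:
            raise ValueError(f"duplicate directive: {name}")  # each may appear once
        directives[name] = val.strip().strip('"') or None  # value may be quoted
    return directives

def check_hsts(headers, min_max_age=EXPECTED_MAX_AGE, need_subdomains=True):
    """Return a list of problems; an empty list means the policy matches the config."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["header missing (is TLS enabled on the UI?)"]
    problems = []
    if len(values) > 1:
        problems.append("header sent more than once; browsers process only the first")
    try:
        d = parse_hsts(values[0])
    except ValueError as exc:
        return problems + [str(exc)]
    max_age = d.get("max-age")
    if max_age is None or not (max_age.isascii() and max_age.isdigit()):
        problems.append("max-age missing or not an integer")
    elif int(max_age) < min_max_age:
        problems.append(f"max-age {max_age} below {min_max_age}")
    if need_subdomains and "includesubdomains" not in d:
        problems.append("includeSubDomains not set")
    return problems

def fetch_headers(url, cafile=None):
    """Fetch response headers from the History Server UI over HTTPS (url is site-specific)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(url, context=ctx) as resp:
        return list(resp.headers.items())

# Constructed sample responses, not captured from a real cluster.
GOOD = [("Content-Type", "text/html"), ("Strict-Transport-Security", "max-age=31536000;includeSubDomains")]
WEAK = [("strict-transport-security", "max-age=300")]
```

Against a live History Server, pass the result of `fetch_headers("https://<history-server-host>:<port>/")` to `check_hsts`, supplying `cafile` if the UI certificate is signed by an internal CA.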