You can find additional information about JWT token hardening on this cheat sheet. The following entries in a web application's web.xml would enable the If you're curious about more governance details, we have a description of Apache style governance. Blocked by CSP