From 988e97e366866fcd02cdc6f2af29040c87958682 Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@vmware.com>
Date: Tue, 30 Jul 2013 11:09:16 -0500
Subject: [PATCH] SEC-2230: Polish headers reference

---
 docs/manual/src/docbook/namespace-config.xml | 22 +++++++++++++++-----
 1 file changed, 17 insertions(+), 5 deletions(-)

diff --git a/docs/manual/src/docbook/namespace-config.xml b/docs/manual/src/docbook/namespace-config.xml
index 8153b1fc54..cad1a2ba66 100644
--- a/docs/manual/src/docbook/namespace-config.xml
+++ b/docs/manual/src/docbook/namespace-config.xml
@@ -614,24 +614,36 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
             <para>A lot of different attacks to hijack content, sessions or connections are available and lately
                 browsers (optionally) can help to prevent those attacks. To enable these features we need to send some
                 additional headers to the client. Spring Security allows for easy configuration for several headers.
+                <progamlisting language="xml">
+                    <![CDATA[
+                            <headers/>
+                    ]]>
+                </progamlisting>
+            </para>
+            <para>Specifying the single headers element adds all the explicitly supported headers
+                with their default settings. If you only want select headers to be added,
+                you can add one or more of the child elements as shown below.
                 <progamlisting language="xml">
                     <![CDATA[
                             <headers>
                                 <!-- Add Cache-Control and Pragma headers -->
                                 <cache-control/>
-                                <!-- Adds X-XSS-Protection with value of 1 -->
-                                <xss-protection/>
-                                <!-- Add X-Frame-Options with a value of DENY -->
-                                <frame-options/>
                                 <!-- Add X-Content-Type-Options with value of nosniff -->
                                 <content-type-options/>
                                 <!-- Add custom headers -->
                                 <header name="foo" value="bar"/>
+                                <-- Adds HTTP Strict Transport Security (HSTS) for secure requests -->
+                                <hsts/>
+                                <!-- Add X-Frame-Options with a value of DENY -->
+                                <frame-options/>
+                                <!-- Adds X-XSS-Protection with value of 1; mode=block-->
+                                <xss-protection/>
                             </headers>
                     ]]>
                 </progamlisting>
             </para>
-            <para>For additional information refer to <link xlink:href="nsa-headers">headers</link> section of the Security Namespace appendix.</para>
+            <para>For additional information on how to customize the headers element refer to the <link xlink:href="nsa-headers">headers</link>
+                section of the Security Namespace appendix.</para>
         </section>
         <section xml:id="ns-custom-filters">
             <title>Adding in Your Own Filters</title>