I have used below code in filter but it doesn't work make my http to https. I am not sure if I need to register it in resources.groovy because I am little new to groovy.
addHeader(uri: '/*') {
before = {
response.setHeader("Strict-Transport-Security", "max-age=31536000;")
}
}
Similarly I need to implement X-Content-Type-Options as well and looking into it.
You can use Channel security (part of spring security grails plugin) for this purpose. It will be much easier. https://grails-plugins.github.io/grails-spring-security-core/v2/guide/channelSecurity.html
If you need help with configuration, please specify grails version of your application.