The following are cautionary notes on using the gateway specification functionality:

• Specifying the host name and port number of an URL where an access is redirected:
  A browser usually sends a request with the Host header appended, so it is not necessary to specify the host name or port number for an URL where access is to be redirected.
  Note that you can check whether or not the request has the Host header by calling the getHeader method of the javax.servlet.http.HttpServletRequest class, with the Host argument specified.
  
• Servlet API behavior:
  Using the gateway specification functionality causes some servlet API functions to behave differently. Take care when using API functions with a Web application.
  For details on the servlet API functionality where the operations change, see 6.2.2(10) Precautions for using the gateway specification functionality.
  
• The <transport-guarantee> tag in web.xml:
  When you use the gateway specification functionality to specify that a scheme is to be considered as HTTPS, a request to a Web server will be considered to use HTTPS even if the request actually uses HTTP. Note that this prevents an access from being redirected to an URL that uses HTTPS, even if you specify INTEGRAL or CONFIDENTIAL in the <transport-guarantee> tag in web.xml.
  
• The Secure attribute for cookies:
  When you use the gateway specification functionality to specify that a scheme is to be considered as HTTPS, when a session ID generated by a Web container is returned to the client by the session cookie, the Secure attribute is appended to the cookie.
  
• Communicating with the Web server without passing the gateway
  When you enable the gateway specification functionality in the redirector, you cannot perform direct HTTP communication without unless passing through the gateway, such as the SSL accelerator and load balancer, in the Web server.