SAP Knowledge Base Article - Preview

3091169 - ICM (Internet Communication Manager) General guidelines on HTTP vulnerability scans


An HTTP entry point URL of a Netweaver system is submitted into a web Application Vulnerability Scanner (i.e. As result, there might be some HTTP headers considered missing and/or the presence of others can be deemed as a potential vulnerability.



  • SAP Netweaver
  • Internet Communication Manager
  • SAP Web Dispatcher


SAP NetWeaver all versions


Missing Security Headers, HTST, CSP, Content Security Policy, X-Frame-Options, CSRF Token, X-XSS-Protection, X-Content-Type-Options , KBA , BC-CST-IC , Internet Communication Manager , BC-CST-WDP , Web Dispatcher , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.