3108796 - Missing X-Frame-Options / X-XSS-Protection header in Cloud Portal/SAP Build Work Zone, standard edition running in BTP Cloud Foundry

After penetration testing against site created in Cloud Portal Service/SAP Build Work Zone, standard edition, running on BTP Cloud Foundry, following security risk get detected:
--------------------------------------------------------------------------------------------------------
Findings: Missing X-XSS-Protection Header
Risk Level: Low
Impact URL(s): <site URL>
 
Observations:
We detected a missing X-XSS-Protection header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.  
The HTTP X-XSS-Protection response header is a feature of Internet Explorer, Chrome and Safari that stops pages from loading when they detect reflected XSS attacks.
 
Recommendations:
It is recommended that the following be implemented:
• Add the X-XSS-Protection header with a value of "1; mode= block".
--------------------------------------------------------------------------------------------------------

or 
--------------------------------------------------------------------------------------------------------
Findings: X-Frame-Options header not Implemented
Risk Level: Low
Impact URL(s): <site URL>

Recommendations:
It is recommended to implement X-Frame-Options on server side HTTPS response.
--------------------------------------------------------------------------------------------------------

• SAP BTP Cloud Portal Service running in Cloud Foundry(CF)
• SAP Build Work Zone, standard edition

CF, missing header, header is missing, lacking, neo, launchpad service, X-Frame-Options, deny, script-src, default-src, connect-src, img-src, frame-src, style-src, font-src, worker-src, frame-ancestors , KBA , EP-WZ-AAH , Approuter(not standalone), Old Exp Activation, HTMLBootstrap , EP-CPP-CF-LP , Launchpad Content (Apps, Groups, Catalogs, Roles) , Problem