3395555 - Security Vulnerability HTTP Security Header Not Detected - SAP Data Services 14.3

Symptom

'HTTP Security Header Not Detected' vulnerability observed. It was reported by Security Assurance team to properly set X-Content-Type-Options and Strict-Transport-Security response headers

Refer below links for more information about these response headers.

X-Content-Type-Options:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

Strict-Transport-Security:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Securit

Environment

Data Services 4.x

Product

SAP Data Services all versions

Keywords

HTST, url, vulnerability, Data Services Management Console, web.xml, HTTP. Header , KBA , EIM-DS-SVR , Administration/Server , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.