SAP Knowledge Base Article - Preview

3395555 - Security Vulnerability HTTP Security Header Not Detected - Data Services

Symptom

'HTTP Security Header Not Detected' vulnerability observed. It was reported by Security Assurance team to properly set X-Content-Type-Options and Strict-Transport-Security response headers

Refer below links for more information about these response headers.

X-Content-Type-Options:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

Strict-Transport-Security:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Securit


Read more...

Environment

Data Services 4.2, 4.3

Keywords

HTST, url,  , KBA , EIM-DS-SVR , Administration/Server , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.