on 08-25-2020 5:27 PM
Hi,
"HTTP Security Header Not Detected" is one of many security vulnerabilities from third party network scan. As per the solution provided, I need to set proper X frame option, X-Xss-protection, X-content-type-option and strict-transport-security. Our env consists of Fiori and ECC system. Any idea where to set these settings to fix this vulnerability?
Thanks
Thanks. I will check the note.
SAP_BASIS is on 740 Sp16
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
SAP Note 2860209 enables the X-Xss-protection header for WEBGUI (Handler CL_HTTP_EXT_ITS_2, used in new releases).
Regards,
Cris
Hello,
Check SAP Note 2202116 - Support of HTTP Strict Transport Security.
If you share the SAP_BASIS version and SP level, then I can see about the other headers.
Regards,
Cris
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.