HTTP Security Header Not Detected

former_member275479 · ‎08-25-2020

Hi,

"HTTP Security Header Not Detected" is one of many security vulnerabilities from third party network scan. As per the solution provided, I need to set proper X frame option, X-Xss-protection, X-content-type-option and strict-transport-security. Our env consists of Fiori and ECC system. Any idea where to set these settings to fix this vulnerability?

Thanks

former_member706793 · ‎08-25-2020

Thanks. I will check the note.

SAP_BASIS is on 740 Sp16

cris_hansen · ‎08-25-2020

Hello,

Check SAP Note 2202116 - Support of HTTP Strict Transport Security.

If you share the SAP_BASIS version and SP level, then I can see about the other headers.

Regards,

Cris

HTTP Security Header Not Detected

Accepted Solutions (0)

Answers (2)

Answers (2)

Re: "Failed to update setup engine executables. Pr...

Re: Timer showing while sending the mails from SAP

Re: Best practice to connect to multiple databases...

SAP Hana Calculation view input parameter from JPA...

Re: Adaptation error in sap mdg ui screen customer