on 2019 Sep 03 8:26 AM
Hi,
Our recent implementation has undergone security and penetration testing, and one of the low but important findings the security team has raised is that "the application is missing or does not use consistently mechanisms such as SameSite cookie marking, HSTS and content sniffing." The description of the risk states: "Web application may be vulnerable to a variety of well-known risks due to foundational web application defence mechanisms not being implemented and/or enabled."
Is there a way to fix this, or are there configuration properties to adjust, to avoid security threats related to HSTS and content sniffing?
Current implementation is on Hybris 1808 on Commerce Cloud v2.