
HTTP Security Header Not Detected

Former Member
3,042

Hi,

"HTTP Security Header Not Detected" is one of many security vulnerabilities from a third-party network scan. As per the solution provided, I need to set proper X-Frame-Options, X-XSS-Protection, X-Content-Type-Options and Strict-Transport-Security. Our env consists of Fiori and ECC system. Any idea where to set these settings to fix this vulnerability?

Thanks

Accepted Solutions (0)

Answers (2)

former_member706793
Participant
0 Likes

Thanks. I will check the note.

SAP_BASIS is on 740 SP16.

cris_hansen
Product and Topic Expert
0 Likes

Hello,

SAP Note 2860209 enables the X-XSS-Protection header for WEBGUI (Handler CL_HTTP_EXT_ITS_2, used in new releases).

Regards,

Cris

cris_hansen
Product and Topic Expert
0 Likes

Hello,

Check SAP Note 2202116 - Support of HTTP Strict Transport Security.

If you share the SAP_BASIS version and SP level, then I can see about the other headers.

Regards,

Cris
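
To confirm the scan finding is closed after the notes are applied, a saved response head can be checked for the four headers named in the question. The script below is an added example, not code from this thread or from SAP; the sample response is constructed, and the acceptance rules (for instance, treating `max-age=0` as weak) are this example's assumptions rather than the scanner's policy.

```python
import re
from email.parser import Parser

def _hsts_ok(value):
    # max-age=0 tells the browser to drop the HSTS entry, so treat it as weak.
    m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
    return bool(m) and int(m.group(1)) > 0

# Header name -> validator for its value (assumed acceptance rules).
CHECKS = {
    "X-Frame-Options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "X-XSS-Protection": lambda v: re.fullmatch(r"[01](\s*;.*)?", v) is not None,
    "X-Content-Type-Options": lambda v: v.lower() == "nosniff",
    "Strict-Transport-Security": _hsts_ok,
}

def audit_headers(raw_response, https=True):
    """Return {header: 'ok' | 'missing' | 'weak: <value>'} for a raw response head."""
    text = raw_response.replace("\r\n", "\n").lstrip()
    _status_line, _, header_block = text.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    result = {}
    for name, is_valid in CHECKS.items():
        if name == "Strict-Transport-Security" and not https:
            # Browsers ignore HSTS received over plain HTTP (RFC 6797).
            result[name] = "n/a (plain HTTP)"
            continue
        values = [v.strip() for v in (headers.get_all(name) or [])]
        if not values:
            result[name] = "missing"
        elif all(is_valid(v) for v in values):
            result[name] = "ok"
        else:
            result[name] = "weak: " + ", ".join(values)
    return result

# Constructed sample response head, not captured from any real system.
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: ALLOWALL
x-content-type-options: nosniff
Strict-Transport-Security: max-age=0

"""

if __name__ == "__main__":
    for header, verdict in audit_headers(SAMPLE).items():
        print(f"{header:28} {verdict}")
```

Run it against a response head saved from each entry point the scanner reported, since the headers may be set in one place and not in another.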