on 2022 Oct 27 2:50 PM
Hi,
Our security team came to us regarding an issue found with our BOE Platform installation. They are mentioning that our web application has some missing required HTTP headers when BitSight scanned it. Now, I'm not sure where to look and I've seen no information on SAP support on this.
Has anyone encountered a similar situation on this?
For reference, they are looking for these particular header fields:
Cache-Control, Content-Security-Policy, Strict-Transport-Security and X-Content-Type-Options.
So this will appear every time they do a BitSight scan? Is there a way to resolve this so that it does not appear on their scans? Or is the only way to resolve this to upgrade to 4.3, as that is where the nosniff option is supported?
Please check SAP note:
3221263 - Does SAP BusinessObjects support the X-Content-Type-Options nosniff option?
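
To confirm what the scanner sees before and after any change, the following added example (not part of the original thread and not SAP code) audits a raw HTTP response head for the four headers named in the question. The function names and the sample responses are constructed for illustration; the input is the response head as a tool such as `curl -sI` prints it when run against your own server.

```python
import re

# The four headers named in the question above.
REQUIRED = ("Cache-Control", "Content-Security-Policy",
            "Strict-Transport-Security", "X-Content-Type-Options")

def parse_headers(raw_head):
    """Parse a raw response head into {lowercased name: [values]}."""
    headers = {}
    lines = raw_head.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:                 # lines[0] is the status line
        if not line.strip():
            break                          # blank line ends the head
        name, sep, value = line.partition(":")
        if sep:                            # header names are case-insensitive
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw_head):
    """Return {header: finding} for each required header that is missing or weak."""
    headers = parse_headers(raw_head)
    findings = {}
    for name in REQUIRED:
        values = [v.lower() for v in headers.get(name.lower(), [])]
        if not values:
            findings[name] = "missing"
        elif name == "X-Content-Type-Options" and set(values) != {"nosniff"}:
            findings[name] = "value is not 'nosniff'"
        elif name == "Strict-Transport-Security":
            m = re.search(r'max-age="?(\d+)', values[0])
            if not m or int(m.group(1)) == 0:
                findings[name] = "no positive max-age"
    return findings

# Constructed sample response heads (not captured from a real BOE server).
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Cache-Control: no-store\r\n\r\n<html>")
AFTER = ("HTTP/1.1 200 OK\r\ncontent-type: text/html\r\n"
         "cache-control: no-store\r\n"
         "content-security-policy: default-src 'self'\r\n"
         "strict-transport-security: max-age=31536000\r\n"
         "x-content-type-options: nosniff\r\n\r\n")

if __name__ == "__main__":
    for label, head in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(head) or "all four headers present")
```

Cache-Control and Content-Security-Policy are checked for presence only, since their values are a policy decision for the application.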