
Required HTTP Headers BitSight - SAP BOE

wallbertelicot

Hi,

Our security team came to us regarding an issue found with our BOE Platform installation. They are mentioning that our web application has some missing required HTTP headers when BitSight scanned it. Now, I'm not sure where to look and I've seen no information on SAP support on this.

Has anyone encountered a similar situation on this?

For reference, they are looking for these particular header fields:
Cache-Control, Content-Security-Policy, Strict-Transport-Security and X-Content-Type-Options.

wallbertelicot

So this will appear every time they do a BitSight scan? Is there a way to resolve this so that it does not appear on their scans? Or is the only way to resolve this to upgrade to 4.3, as that is where the nosniff option is supported?