Symptoms
Dear,
The following issues have been identified during security scanning.
1. Missing "Content-Security-Policy" header
2. Missing "X-Content-Type-Options" header
3. Missing "X-XSS-Protection" header
4. Missing HTTP Strict-Transport-Security Header
Kindly check the attachment for detailed info.
Please provide the solution to fix these issues.
Diagnoses
"
These headers can have different values and the client will need to determine which values are most appropriate to their environment - There are a lot of resources on the internet explaining each.
The below are examples of each one and are merely suggestions - As stated before, the client will need to test their solutions thoroughly when applying these.
Content-Security-Policy
X-Content-Type-Options
Note that this one can cause issues if we do not return the correct content type - If such errors occur we will have to fix it before this header can be used.
X-XSS-Protection
HTTP Strict-Transport-Security
"
Resolution
Customer closed the ticket after the following feedback:
"
These headers can have different values and the client will need to determine which values are most appropriate to their environment - There are a lot of resources on the internet explaining each.
The below are examples of each one and are merely suggestions - As stated before, the client will need to test their solutions thoroughly when applying these.
Content-Security-Policy
X-Content-Type-Options
Note that this one can cause issues if we do not return the correct content type - If such errors occur we will have to fix it before this header can be used.
X-XSS-Protection
HTTP Strict-Transport-Security
"
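A way to re-check the four findings and the content-type caveat on X-Content-Type-Options before rollout. This is an added example, not part of the original ticket or the vendor's reply. The names `audit`, `parse_headers`, `STRICT_TYPES` and the sample responses are constructed for illustration, and the extension-to-type table is a simplified assumption.

```python
from posixpath import splitext
from urllib.parse import urlsplit

# The four headers named in the scan findings.
REQUIRED = ("Content-Security-Policy", "X-Content-Type-Options",
            "X-XSS-Protection", "Strict-Transport-Security")

# Simplified assumption: resource types that nosniff blocks when mistyped,
# mapped to the Content-Type values a browser accepts for them.
STRICT_TYPES = {
    ".js": {"text/javascript", "application/javascript"},
    ".css": {"text/css"},
}

def parse_headers(raw):
    """Parse the header block of a raw HTTP response into a lower-cased dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(url_path, raw):
    """Return (missing_headers, nosniff_risk) for one response."""
    headers = parse_headers(raw)
    missing = [h for h in REQUIRED if h.lower() not in headers]
    declared = headers.get("content-type", "").split(";")[0].strip().lower()
    accepted = STRICT_TYPES.get(splitext(urlsplit(url_path).path)[1].lower())
    risk = None
    if not declared:
        risk = "no Content-Type declared"
    elif accepted and declared not in accepted:
        risk = f"{declared} would be blocked under nosniff"
    return missing, risk

# Constructed sample responses (not taken from the ticket).
SAMPLES = {
    "/index.html": "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
                   "X-Content-Type-Options: nosniff\r\n\r\n<html>",
    "/static/app.js?v=3": "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\nvar a;",
}

if __name__ == "__main__":
    for path, raw in SAMPLES.items():
        missing, risk = audit(path, raw)
        print(path, "| missing:", ", ".join(missing) or "none", "| nosniff:", risk or "ok")
```

Any response reported with a nosniff risk needs its Content-Type corrected before X-Content-Type-Options is enabled.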