ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Customer noticed that customer headers were missing only when they reached the login.fcc
book
Article ID: 111098
calendar_today
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)CA Single Sign On SOA Security Manager (SiteMinder)CA Single Sign-On
Issue/Introduction
In their Apache httpd.conf they had used the following to set the headers:
Header set X-Content-Type-Options: nosniff Header set X-XSS-Protection 1; mode=block
These headers were missing when the login.fcc was reached and customer wanted to know why as they were visible before and after CA SSO Authentication.
On the initial GET 200 to the login.fcc, the headers are seen: