Can secure SSL headers be configured in Performance Management?

Article ID: 145173

Updated On:

Products

  • CA Infrastructure Management
  • CA Performance Management - Usage and Administration
  • DX NetOps

Issue/Introduction

A new security concern has been raised by internal audits:

The remote HTTPS server does not send the HTTP "Strict-Transport-Security" header.

Is this something that can be configured within Performance Management?

Environment

All supported Performance Management releases

Resolution

New options will be added that allow users to configure custom values for the following headers:

  • X-Content-Type-Options
  • X-XSS-Protection
  • Strict-Transport-Security

These will not be configured by default. It will be left up to the end user to determine what should or should not be configured.

These new options are being worked on within engineering via User Story US591131. The current ETA is inclusion starting with the r3.7.9 release, which is subject to change.
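
An added example (not from this article or the product): a small Python check that reports whether a response carries the three headers listed above, so the audit finding can be re-tested once the headers are configured. The sample responses are constructed, and the function names and the "ineffective" label are assumptions of this example.

```python
import re

# Headers named in this article. Expected values are left to the operator,
# so the check reports presence plus basic HSTS well-formedness only.
AUDITED = ("Strict-Transport-Security", "X-Content-Type-Options", "X-XSS-Protection")

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased-name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent/malformed."""
    for directive in value.split(";"):
        m = re.fullmatch(r'\s*max-age\s*=\s*"?(\d+)"?\s*', directive, re.IGNORECASE)
        if m:
            return int(m.group(1))
    return None

def audit(raw):
    """Return {header: finding} for each audited header."""
    headers = parse_headers(raw)
    findings = {}
    for name in AUDITED:
        value = headers.get(name.lower())
        if value is None:
            findings[name] = "missing"
        elif name == "Strict-Transport-Security" and not hsts_max_age(value):
            # max-age absent, malformed, or 0 (0 tells browsers to drop the policy)
            findings[name] = "ineffective"
        else:
            findings[name] = "present"
    return findings

# Constructed sample responses (not captured from any real server).
BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
AFTER = ("HTTP/1.1 200 OK\r\n"
         "strict-transport-security: max-age=31536000; includeSubDomains\r\n"
         "X-Content-Type-Options: nosniff\r\nX-XSS-Protection: 1; mode=block\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

To test a live server, pass `audit` the response head saved from a tool such as `curl -sI` against the Performance Management HTTPS URL.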