Can secure SSL Headers be configured in Performance Management
Article ID: 145173
Updated On:
Products
CA Infrastructure Management
CA Performance Management - Usage and Administration
DX NetOps
Issue/Introduction
A new Security concern has been raised by internal audits.
The remote HTTPS server does not send the HTTP ""Strict-Transport-Security"" header.
Is this something that can be configured within Performance Management?
Environment
All supported Performance Management releases
Resolution
There will be new options added allowing users to configure the following custom header values for the following options.
These will not be configured by default. It will be left up to the end user to determine what should or should not be configured.
These new options are being worked on within engineering via User Story US591131. It's current ETA is slated for inclusion starting with the r3.7.9 release, which is subject to change.
- X-Content-Type-Options
- X-XSS-Protection
- Strict-Transport-Security
These will not be configured by default. It will be left up to the end user to determine what should or should not be configured.
These new options are being worked on within engineering via User Story US591131. It's current ETA is slated for inclusion starting with the r3.7.9 release, which is subject to change.
Feedback
Powered by
