search cancel

Can secure SSL Headers be configured in Performance Management


Article ID: 145173


Updated On:


CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps


A new Security concern has been raised by internal audits.

The remote HTTPS server does not send the HTTP  ""Strict-Transport-Security"" header.

Is this something that can be configured within Performance Management?


All supported Performance Management releases


There will be new options added allowing users to configure the following custom header values for the following options.

  • X-Content-Type-Options
  • X-XSS-Protection
  • Strict-Transport-Security

These will not be configured by default. It will be left up to the end user to determine what should or should not be configured.

These new options are being worked on within engineering via User Story US591131. It's current ETA is slated for inclusion starting with the r3.7.9 release, which is subject to change.