Can secure SSL Headers be configured in Performance Management

Article Id: 145173

Status: Published

Updated On: 14-02-2020 09:26

Products:

CA Infrastructure Management , CA Performance Management - Usage and Administration , DX NetOps

Issue/Introduction:

A new Security concern has been raised by internal audits.

The remote HTTPS server does not send the HTTP ""Strict-Transport-Security"" header.

Is this something that can be configured within Performance Management?

Environment:

All supported Performance Management releases

Resolution:

There will be new options added allowing users to configure the following custom header values for the following options.

X-Content-Type-Options
X-XSS-Protection
Strict-Transport-Security

These will not be configured by default. It will be left up to the end user to determine what should or should not be configured.

These new options are being worked on within engineering via User Story US591131. It's current ETA is slated for inclusion starting with the r3.7.9 release, which is subject to change.