
Missing Security Headers.


Article ID: 186869


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER

Issue/Introduction

It was observed that the application was not sending security directives to the client such as X-XSS-Protection, HSTS (HTTP Strict Transport Security), Content-Security-Policy and X-Content-Type-Options. A vulnerability scan of a SiteMinder-protected application typically reports these as "missing security headers".

1. Content Security Policy: The Content-Security-Policy HTTP header provides an additional layer of defense against Cross Site Scripting (XSS) and other content-injection attacks. It declares which sources of scripts, styles, images and other content are approved, and the browser refuses to load anything from a source the policy does not allow. It is the primary browser-side control against XSS; the remaining headers are supplementary.

2. X-XSS-Protection: The X-XSS-Protection header controls the reflected-XSS filter built into some older browsers (Internet Explorer 8+, older Chrome and Safari). Browsers that have the filter usually enable it by default; sending the header with the value 1; mode=block makes that explicit and tells the browser to block the page rather than attempt to sanitize it. Note that the filter has since been removed from Chromium-based browsers and was never present in Firefox, so this header is a legacy setting that scanners still flag but that provides little real protection; rely on Content-Security-Policy for XSS.

3. HTTP Strict Transport Security (HSTS): The Strict-Transport-Security header instructs the browser to reach the site solely over HTTPS for the period given by max-age, rewriting any http:// request to https:// before it leaves the browser. This prevents the connection from being established over an insecure HTTP channel that could be intercepted or downgraded. The browser only honours the header when it arrives over a valid HTTPS connection, so it must be sent from the TLS virtual host, not the plain HTTP one.

4. X-Content-Type-Options: The X-Content-Type-Options header with the value nosniff tells the browser to trust the declared Content-Type and not "sniff" the body to guess a different type, which blocks attacks that rely on a browser treating an uploaded file or error page as script or HTML.

Environment

Release : 12.8.03

Component : SITEMINDER -WEB AGENT FOR APACHE

Resolution

Content Security Policy:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/define-the-security-policy-for-a-web-application-in-an-application-object/how-to-define-the-security-policy-for-a-web-application-in-an-application-object.html


X-XSS-Protection:

https://community.broadcom.com/browse/blogs/blogviewer?BlogKey=d73b85a7-4538-479e-828f-abba0567383f&CommunityKey=f9d65308-ca9b-48b7-915c-7e9cb8fc3295


HTTP Strict Transport Security (HSTS):

https://community.broadcom.com/communities/community-home/digestviewer/viewthread?MID=761407
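The linked articles describe the SiteMinder-specific settings. As a way to verify the result, the following script is an added example (not code from this article or from Broadcom) that audits a captured HTTP response for the four headers discussed above and emits the Apache mod_headers directives that would add whatever is missing at the web-server layer in front of the Web Agent. The sample response, the recommended header values and the one-year minimum HSTS max-age are assumptions for illustration; the CSP value in particular is a deliberately strict placeholder that a real application would need to relax to its own script and style sources.

```python
"""Audit an HTTP response for the security headers a scanner expects
(HSTS, CSP, X-Content-Type-Options, X-XSS-Protection) and generate
Apache mod_headers directives for the ones that are missing.

Added example, not part of the original article. The sample response
below is constructed, not captured from a SiteMinder agent.
"""
import re

# Constructed sample: a response from an unprotected SiteMinder-fronted app.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: SMSESSION=...; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)

# Assumed target values; tune to the application before deploying.
# X-XSS-Protection is legacy and ignored by current browsers, but scanners
# still flag its absence, so it is included to match the article.
RECOMMENDED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
}

MIN_HSTS_MAX_AGE = 31536000  # one year; assumed policy threshold


def parse_headers(raw):
    """Return {lowercase-name: value} for the header block of a raw response.

    The status line is dropped; header names are case-insensitive in HTTP,
    so they are normalised to lowercase for lookup.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return headers


def hsts_max_age(value):
    """Extract the integer max-age from an HSTS value, or None if absent."""
    m = re.search(r"max-age\s*=\s*(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(raw):
    """Return a list of (header, problem) findings; an empty list is a pass."""
    h = parse_headers(raw)
    findings = []
    for name in RECOMMENDED:
        if name.lower() not in h:
            findings.append((name, "missing"))
    # A present but weak HSTS header is still a finding.
    hsts = h.get("strict-transport-security")
    if hsts is not None:
        age = hsts_max_age(hsts)
        if age is None or age < MIN_HSTS_MAX_AGE:
            findings.append(("Strict-Transport-Security",
                             "max-age below %d" % MIN_HSTS_MAX_AGE))
    # nosniff is the only meaningful value for X-Content-Type-Options.
    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append(("X-Content-Type-Options", "value is not nosniff"))
    return findings


def apache_directives(findings):
    """mod_headers lines (httpd.conf) that set each header named in findings.

    'always' makes the header apply to error responses too, which scanners
    also check. HSTS must go in the HTTPS <VirtualHost> only.
    """
    names = {name for name, _ in findings}
    return ['Header always set %s "%s"' % (n, RECOMMENDED[n])
            for n in RECOMMENDED if n in names]


if __name__ == "__main__":
    found = audit(SAMPLE_RESPONSE)
    for header, problem in found:
        print("%s: %s" % (header, problem))
    print("\n".join(apache_directives(found)))
```

To use it against a live server, paste the output of `curl -sD - -o /dev/null https://host/path` into SAMPLE_RESPONSE (or read it from a file) and run the script; an empty findings list means all four headers are present with acceptable values. Adding headers with mod_headers is a generic Apache approach that works because the Web Agent for Apache runs inside httpd; it is not a substitute for the SiteMinder configuration in the linked articles when the headers must be controlled by the policy server.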