The application was observed not to send security directives to the client's browser, such as Content Security Policy (1), X-XSS-Protection (2), HSTS (HTTP Strict Transport Security) (3), and X-Content-Type-Options (4).
These headers are mainly controlled and configured at the web server level, for example in IIS (5) or Apache (6).
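One way to confirm the finding, and to re-test after the web server has been reconfigured, is to audit a raw HTTP response for the four headers named above. This is an added example, not part of the original page; the function names and the sample responses are constructed for illustration.

```python
import re

def parse_headers(raw_response):
    """Return {lowercased name: [values]} from a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def hsts_ok(value):
    """HSTS needs a positive max-age; max-age=0 tells the browser to drop it."""
    m = re.search(r'(?i)\bmax-age\s*=\s*"?(\d+)', value)
    return bool(m) and int(m.group(1)) > 0

CHECKS = {  # the four headers the finding lists
    "content-security-policy": lambda v: bool(v),
    "x-xss-protection": lambda v: bool(v),  # presence only
    "strict-transport-security": hsts_ok,
    "x-content-type-options": lambda v: v.lower() == "nosniff",
}

def audit(raw_response):
    """Map each checked header to 'ok', 'missing' or 'weak: <values>'."""
    headers = parse_headers(raw_response)
    report = {}
    for name, check in CHECKS.items():
        values = headers.get(name, [])
        if not values:
            report[name] = "missing"
        else:
            ok = all(check(v) for v in values)
            report[name] = "ok" if ok else "weak: " + "; ".join(values)
    return report

# Constructed sample responses (not captured from a real application).
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n\r\n"
)
MISCONFIGURED = HARDENED.replace("max-age=31536000", "max-age=0")
if __name__ == "__main__":
    print(audit(BARE), audit(HARDENED), audit(MISCONFIGURED), sep="\n")
```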
SiteMinder doesn't have a direct and specific configuration to implement: