Release : v12.2 / v12.3
Component : AUTOMATION ENGINE
While this is Tomcat specific, the adding the following to conf/web.xml may be successful :
<filter>
<filter-name>httpHeaderSecurity</filter- name>
<filter-class>org.apache.catalina.filters. HttpHeaderSecurityFilter</ filter-class>
<async-supported>true</async-supported>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>hstsIncludeSubDomains</param- name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>xssProtectionEnabled</param- name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>blockContentTypeSniffingEnable d</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- The mapping for the HTTP header security Filter -->
<filter-mapping>
<filter-name>httpHeaderSecurity</filter- name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>