Some security teams will mandate that you set HTTP Security Headers in Responses.
Examples:
X-Frame-Options
X-XSS-Protection
X-Content-Type-Options
Strict-Transport-Security
This article will discuss setting them in Siteminder Access Gateway.
This article also applies to Web Agent when running on Apache or IBM Http Server.
Release : Any
Component : Siteminder Access Gateway
HTTP Security Headers are not enabled by default and are considered optional.