Perform the following steps on all CA Service Catalog Tomcat Web Servers:
For example: C:\Program Files\CA\Service Catalog\view\webapps\usm\WEB-INF\web.xml
Add configuration under the <!-- Add filter here --> statement:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>hstsMaxAgeSeconds</param-name>
<param-value>31536000</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingEnabled</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>antiClickJackingOption</param-name>
<param-value>SAMEORIGIN</param-value>
</init-param>
<init-param>
<param-name>blockContentTypeSniffingEnabled</param-name>
<param-value>false</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
4. Add following configuration under the <!-- Add filter-mapping here --> statement:
5. Close the web.xml file.
6. Restart CA Service Catalog Services.
===========================