SAP SE
SECURITY HEADERS FOR CLOUD-NATIVE APPLICATIONS

Abstract:

A request is received by a gateway. A response to the request is received by the gateway. It is determined that the request comprises a User-Agent request header. In response to determining that the request comprises a User-Agent request header, a type setting of a Content-Type response header is determined. In response to determining that the type setting of the Content-Type response header indicates HTML content, a security header is added to the response. The response responsive to the request is returned.