I’m running compliance scans on our network as we look to get more secure. Our ERP provider uses Payara in a small capacity for connecting a web service to their site. When I run my scans it gives me an error stating:
HTTP Security Header Not Detected:
Result
X-Content-Type-Options HTTP Header missing on port XXXX.
GET / HTTP/1.1
Host: XXX.XXX.XXX.XXX:XXXX
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
HTTP/1.1 200 OK
Server: Payara Server 5.2022.3 #badassfish
X-Powered-By: Servlet/4.0 JSP/2.3 (Payara Server 5.2022.3 #badassfish Java/Amazon.com Inc./1.8)
Accept-Ranges: bytes
ETag: W/“4566-1668630938298”
Last-Modified: Wed, 16 Nov 2022 20:35:38 GMT
Content-Type: text/html
Content-Length: 4566
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security HTTP Header missing on port XXXX.