CSP/X-Frame Options Missing and HSTS Max-Age Too Low in Jive HTTP Headers

Overview

You have recently done a security audit of Jive

CSP audit revealed that X-Frame options are missing.
The HSTS Max-Age is set to 15768000 (6 months), and you want to make this a larger value.

Information

The X-Frame-Options header has been set to ‘SAMEORIGIN’ in Jive Cloud release 3006.5.1 (Issue Key JVCLD-93610).

The HSTS Max-Age is functioning as designed and has been set to 15768000 seconds (6 months) by the Jive Engineering team. If you would like to have this change, please contact support to create a feature request.

The above screenshot is from a scan done on https://securityheaders.com.

See JVCLD-93610 for the X-Frame issue.

See JVCLD-109429 for the HSTS issue.

</supportagent>

Choose files or drag and drop files

Tags:

Was this article helpful?

Yes

Priyanka Bhotika
Posted

Comments

Please sign in to comment

CSP/X-Frame Options Missing and HSTS Max-Age Too Low in Jive HTTP Headers

Overview

Information

Priyanka Bhotika

Comments