webservice – HTTP Security Headers in S/4 HANA web applications

We have 3-4 S/4 HANA applications in our environment and want to enable HTTP Security Headers, but couldn’t figure out how to go about it. We then approached SAP directly and even their solutions are not working, and their support team has a pretty vague and dissatisfactory answer; they said that the application doesn’t require such headers and that security mechanisms are already in place to mitigate a variety of attacks.

Now my team and I are helpless. Has anyone achieved this? The applications in question are SRM, Fiori, GRC & ROS.

In case this question doesn’t belong here, please let me know and I will move it to a different site.

Security Benefits of Having a Content Security Policy for a Domain Loaded through iframe

Consider the below scenario:

There’s a checkout webpage that can be accessed at checkout.example.com. This page has a decent security policy. But just to prevent any credit card info leakage, the credit card information editing panel is in an iframe, and this panel can be loaded from cc.example.com.

Now, are there any security benefits for having a good Content Security Policy for cc.example.com when we are loading it in an iframe in checkout.example.com?