During the security scanning for Microsoft Power BI Server, one of our clients has identified a few response headers and other defects.
As we have seen that the report server doesn't have an option to set up the web server and response header configurations, could you please assist us in setting up the response headers for the BI Server.
Below are the reported defects.
- Cross site scripting (content-sniffing)
Affected Item (/reports/api/v2.0/SystemResources)
- Slow HTTP Denial of Service Attack
Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.
- Cookies with missing, inconsistent or contradictory properties
Affected Item (/RPA/Cookie_Validator.js)
- HTTP Strict Transport Security (HSTS) not implemented
- Content Security Policy (CSP) not implemented / Insecure Referrer Policy
For the majority of the defects, we cannot apply the fixes as the web server property is not found or urlrewrite cannot be found as part of the report server.
Please advise.
Thank You,
Abdul Jaleel