https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112730#M479 <P>Hello,</P><P>we are looking to disable HTTP Options on our cluster activegate, per request from our security team as it has raised concerns about potential vulnerabilities. Is there any way that those options can be disabled?</P><P>Thanks in advance</P><BR /> Tue, 29 Jan 2019 16:28:24 GMT Andy_Evans 2019-01-29T16:28:24Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112730#M479 <P>Hello,</P><P>we are looking to disable HTTP Options on our cluster activegate, per request from our security team as it has raised concerns about potential vulnerabilities. Is there any way that those options can be disabled?</P><P>Thanks in advance</P><BR /> Tue, 29 Jan 2019 16:28:24 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112730#M479 Andy_Evans 2019-01-29T16:28:24Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112731#M480 <P>Hello <A rel="user" href="https://answers.dynatrace.com/users/28939/view.html" nodeid="28939">@Andrew E.</A></P><P>You can use ActiveGate properties for the configuration. These properties are applicable for both Environment ActiveGates and Cluster ActiveGates.</P><P>Have a look on the below link for more insight.</P><P><A href="https://www.dynatrace.com/support/help/deploy-dynatrace/activegate/configuration/configure-activegate/">https://www.dynatrace.com/support/help/deploy-dyna...</A></P><P>Regards,</P><P>Babar</P><BR /> Tue, 29 Jan 2019 16:59:34 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112731#M480 Babar_Qayyum 2019-01-29T16:59:34Z https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112732#M481 <P>HTTP OPTIONS is necessary for REST API and Real user monitoring (beacon forwarders). The server does not respond with sensitive information, thus<BR />is not considered a security vulnerability.</P><P>HTTPS OPTIONS method is also a requirement for CORS<BR />calls: <A href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS</A></P><BR /> Fri, 01 Feb 2019 17:51:13 GMT https://community.dynatrace.com/t5/Dynatrace-Managed-Q-A/Disabling-HTTP-Options/m-p/112732#M481 AlexanderSommer 2019-02-01T17:51:13Z