BaselineHandler remote file inclusion Code Injection rejects requests with Save-Data header.
adding an exclusion for that header leaves the applications vulnerable.
A new fix coming? Any known workaround?
Could you raise a support case for this and the others? Would be good to track these together. Thanks!