Communication Between Client and ABAP Front-End Server 
For transactional apps, the client can issue the following types of requests to the ABAP front-end server:
HTML requests
OData requests
For communication between the client and the ABAP front-end server, an HTTPS connection is established.
Activities
To set up the connections between SAP Web Dispatcher and the ABAP servers, you must make the following settings:
You must configure HTTP security session management for the ABAP front-end server.
You must configure the ABAP front-end server for supporting SSL.
Note
If you implement SAP Fiori transactional apps in an internet-facing scenario, SAP recommends that you deploy SAP Web Dispatcher in a demilitarized zone (DMZ). For more information, see Internet-Facing Deployment.
To ensure confidentiality and integrity of data, SAP recommends protecting HTTP connections by using Transport Layer Security (TLS) or Secure Sockets Layer (SSL). For information about setting up communication encryption for SAP NetWeaver, see the following documentation:
For SAP NetWeaver 7.31, see the SAP Help Portal at
http://help.sap.com/nw731 
Security Information Security Guide Network and Communication Security Transport Layer Security 
.For SAP NetWeaver 7.4, see the SAP Help Portal at
http://help.sap.com/nw74 Security Information Security Guide Network and Communication Security Transport Layer Security .
Note
A token-based protection against Cross-Side Request Forgery (CSRF) is active by default in SAP Gateway and SAP HANA XS Fiori OData services. It protects all modifying requests.