Symptom
You are using a third-party security scan tool to check an EP system, and it reports the issue "Missing Content-Security-Policy header" as a risk. The report text may look like the following.
---------------------
Missing Content-Security-Policy header
Risk: It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
It is possible to persuade a naive user to supply sensitive information such as a username, password, credit card number, social security number etc.
Fix: Config your server to use the "Content-Security-Policy" header
---------------------
Environment
NetWeaver AS Java all releases
Product
Keywords
security risk, security vulnerability, Content-Security-Policy, KBA, EP-PIN-PRT, Portal Runtime, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, Problem
About this page
This is a preview of a SAP Knowledge Base Article.