SAP Knowledge Base Article - Preview

3008779 - Neo Fiori Portal Missing HTTP Header Content Security Policy (CSP)


To increase the security of the web applications, some HTTP headers can be used to instruct the browser to follow certain rules. This may prevent attacks or make them more difficult to execute.

CSP HTTP header should be evaluated to be included in the web application.

Content Security Policy
CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for various purposes such as data theft, site defacement, distribution of malware, etc.



SAP Cloud Platform


SAP BTP, Neo environment 1.0 ; SAP Build Work Zone, standard edition 1.0 ; SAP HANA, platform edition 2.0


KBA , CA-FLP-FE-AI , Fiori Launchpad Application Integration , BC-NEO-RT-HTML5 , Runtime HTML5 Applications , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.