SAP Knowledge Base Article - Public

3075023 - Content Security Policy (CSP) in RCM career site


Is it possible to add Content Security Policy (CSP) in RCM career site?


SAP SuccessFactors Recruiting Recruiting Management
SAP SuccessFactors Recruiting Marketing


We have confirmed with the Product Management team that this is not a security violation, as the Content Security Policy (CSP) header is currently not required for RCM.


The content security policy is designed to guard against cross-site scripting (XSS) attacks through the use of a Content-Security-Policy HTTP response header that lets you control the resources allowed to load for a web page. The headers are used in career site pages owned by the organization (such as, where <example> is your organization's name), but not in the Candidate Profile and other pages generated within SAP SuccessFactors Recruiting.

This is only supported via RMK - CSB. If you want the ability to add this header in RCM, you can raise an enhancement request as described in article 2090228 - How to Submit Ideas for SAP SuccessFactors Products.
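To see which pages of a site actually return the header described above and what it permits for scripts, the following added example (not SAP code) parses a Content-Security-Policy value and reports gaps. The page labels, header sets and the cdn.example.invalid host are constructed samples, and the function names are hypothetical.

```python
# Added example: audit HTTP response headers for a Content-Security-Policy.
# All sample headers below are constructed, not captured from any SAP system.

INLINE_OVERRIDES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        # A repeated directive is ignored by browsers; the first one wins.
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def script_sources(policy):
    """Sources governing script loads: script-src, else default-src, else None."""
    for name in ("script-src", "default-src"):
        if name in policy:
            return policy[name]
    return None

def audit(headers):
    """Return a list of findings for one response's headers (empty list = ok)."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("content-security-policy")
    if value is None:
        return ["no Content-Security-Policy header"]
    sources = script_sources(parse_csp(value))
    if sources is None:
        return ["policy does not restrict script sources"]
    sources = [s.lower() for s in sources]
    findings = []
    # 'unsafe-inline' is ignored by browsers when a nonce or hash is present.
    if "'unsafe-inline'" in sources and not any(s.startswith(INLINE_OVERRIDES) for s in sources):
        findings.append("inline scripts allowed ('unsafe-inline')")
    if "*" in sources:
        findings.append("scripts allowed from any host (*)")
    return findings

SAMPLES = {  # constructed header sets, keyed by a descriptive label
    "career site page": {"Content-Security-Policy":
        "default-src 'self'; script-src 'self' https://cdn.example.invalid"},
    "candidate profile page": {"Content-Type": "text/html"},
    "loose policy": {"content-security-policy": "default-src *; img-src 'self'"},
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(label, "->", audit(headers) or ["ok"])
```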


Content Security Policy (CPS) Missing, CSP, Vulnerability, CSP Header, RMK, Career Site, CSB, RCM Career Site, KBA, LOD-SF-RCM-POR, Career and Agency Portals, LOD-SF-RMK-CSB, Career Site Builder, Product Enhancement


SAP SuccessFactors HXM Core 2105