Symptom
Permissions-Policy header is missing for Recruiting Marketing (RMK) site.
Environment
- SAP SuccessFactors Recruiting Management
- SAP SuccessFactors Recruiting Marketing
Resolution
Architecture and Security teams have reviewed SAP‘s position on Permissions-Policy header.
Security headers are only a second line of defense and an optional security setting. They are not a security vulnerability on their own.
Permissions-Policy header is currently not a security standard for SAP. Security and Architecture teams state that there is no security risk or gap in this area.
Therefore, we will not be enhancing Career Site Builder product to support the configuration and management of Permissions-Policy header.
To verify the feasibility of having this included in a future version of the system, please submit this enhancement request to our Influence Page by following the instructions available in the article 2090228.
See Also
2090228 - How to submit enhancement ideas for SAP SuccessFactors Products
Keywords
RMK, CSB, Permissions-Policy header, permission policy, security header , KBA , LOD-SF-RMK-SEC , Security & Vulnerabilities , LOD-SF-RMK-PSI , Security , Product Enhancement