3728544 - Missing COOP/CORP/COEP header in Cloud Portal / SAP Build Work Zone, standard edition / SAP Build Work Zone, advanced edition

Symptom

Receive security audit findings regarding missing security headers (COOP/CORP/COEP) in BTP Cloud Portal Service / SAP Build Work Zone, standard edition / SAP Build Work Zone, advanced edition.

----------------------------------------

Impact URL(s): /site?siteId=**** (site URL)

Missing Headers:
- Cross-Origin-Opener-Policy (COOP)
- Cross-Origin-Resource-Policy (CORP)
- Cross-Origin-Embedder-Policy (COEP)

----------------------------------------

Want to know if there are any security risks not using COOP/CORP/COEP headers.

Environment

SAP BTP Cloud Portal Service running in Cloud Foundry(CF)
SAP Build Work Zone, standard edition
SAP Build Work Zone, advanced edition

Product

SAP Build Work Zone, advanced edition all versions ; SAP Build Work Zone, standard edition all versions ; SAP Cloud Portal service all versions

Keywords

security header, missing header, cf, work zone, cloud portal, COOP, CORP, COEP, Cross-Origin-Opener-Policy, Cross-Origin-Resource-Policy, Cross-Origin-Embedder-Policy, cross origin , KBA , EP-WZ-SM , Site Management (non selectable) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.