crucial security headers — Cloud Customer Connect

crucial security headers

Hi Team,

Apex version 24.2

ORDS version 23.4

DB version 19.27

Please provide an update as this is a security concern.

We have done a security vulnerability scan against our Apex application behind OCI Load Balancer with WAF integration. The scan reported the following:

"It was observed that crucial security headers are missing from the application. Below are the headers missing:
Strict Transport Security
Content Security Policy
X-Frame-Options"

Recommendation:

"It is recommended to implement Strict-Transport-Security (HSTS): max-age=31536000; include Subdomains; preload  
X-FRAME-OPTIONS: SAMEORIGIN / DENY
Referrer-Policy: no-referrer | same-origin | origin | strict-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
Content security policy like: default-src 'self';
script-src 'self' https://trusted-scripts.example.com;
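As an added example, not part of the original post and not Oracle's or the scanner's code, here is a small checker that takes a raw HTTP response head (the kind you get from `curl -I` against the APEX URL) and reports which of the headers recommended above are missing or weaker than the recommended values. The two sample responses are constructed for illustration; the thresholds (one-year `max-age`, `SAMEORIGIN`/`DENY`, the four `Referrer-Policy` values, the three `Permissions-Policy` features) are taken from the recommendation quoted in the post. It does not decide where the headers should be set (ORDS, APEX, or the OCI Load Balancer/WAF in front of them); it only tells you whether the response the client finally sees carries them.

```python
"""Check an HTTP response head against the security-header recommendations quoted above."""
from typing import Dict, List

# Headers the scan asked for; names are compared case-insensitively, as HTTP requires.
REQUIRED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-frame-options",
    "referrer-policy",
    "permissions-policy",
)
ALLOWED_XFO = {"SAMEORIGIN", "DENY"}
ALLOWED_REFERRER = {"no-referrer", "same-origin", "origin", "strict-origin"}
REQUIRED_PERMISSIONS = {"camera", "microphone", "geolocation"}
MIN_HSTS_MAX_AGE = 31536000  # one year, as in the recommendation

# Constructed sample responses (not captured from a real system).
RAW_BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Cache-Control: no-store
"""
RAW_AFTER = """HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted-scripts.example.com
"""


def parse_raw_headers(raw: str) -> Dict[str, str]:
    """Turn a raw response head into a {lower-case name: value} dict; the status line is skipped."""
    headers: Dict[str, str] = {}
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def _semicolon_directives(value: str) -> Dict[str, str]:
    """Parse 'max-age=31536000; includeSubDomains; preload' into {'max-age': '31536000', ...}."""
    out: Dict[str, str] = {}
    for part in value.split(";"):
        part = part.strip()
        if part:
            name, _, val = part.partition("=")
            out[name.strip().lower()] = val.strip()
    return out


def check_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means every recommendation is met."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []

    for name in REQUIRED_HEADERS:
        if name not in h:
            findings.append(f"missing header: {name}")

    hsts = h.get("strict-transport-security")
    if hsts is not None:
        d = _semicolon_directives(hsts)
        try:
            max_age = int(d.get("max-age", "0"))
        except ValueError:
            max_age = 0
        if max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age {max_age} is below {MIN_HSTS_MAX_AGE}")
        if "includesubdomains" not in d:
            findings.append("HSTS lacks includeSubDomains")
        if "preload" not in d:
            findings.append("HSTS lacks preload")

    xfo = h.get("x-frame-options")
    if xfo is not None and xfo.strip().upper() not in ALLOWED_XFO:
        findings.append(f"X-Frame-Options value {xfo!r} is not SAMEORIGIN or DENY")

    csp = h.get("content-security-policy")
    if csp is not None:
        # CSP directives are 'name source source; name ...', so the first token is the name.
        names = {p.strip().split()[0].lower() for p in csp.split(";") if p.strip()}
        if "default-src" not in names:
            findings.append("Content-Security-Policy has no default-src fallback")

    ref = h.get("referrer-policy")
    if ref is not None:
        # A comma-separated list is allowed; the last recognised policy wins.
        tokens = [t.strip().lower() for t in ref.split(",") if t.strip()]
        if not tokens or tokens[-1] not in ALLOWED_REFERRER:
            findings.append(f"Referrer-Policy value {ref!r} is not one of the recommended policies")

    perm = h.get("permissions-policy")
    if perm is not None:
        features = {p.strip().partition("=")[0].strip().lower() for p in perm.split(",") if p.strip()}
        for feature in sorted(REQUIRED_PERMISSIONS - features):
            findings.append(f"Permissions-Policy does not restrict {feature}")

    return findings


if __name__ == "__main__":
    for label, raw in (("before", RAW_BEFORE), ("after", RAW_AFTER)):
        print(label, check_security_headers(parse_raw_headers(raw)) or "OK")
```

Run it against the head of a real response to see the same five "missing header" lines the scanner reported, then again after the headers are added at whichever tier (ORDS, APEX, or the load balancer/WAF) ends up setting them; an empty list is the goal. Note that the WAF only helps if it actually injects these headers on responses, and HSTS only takes effect when the page is served over HTTPS.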
