crucial security headers — Cloud Customer Connect
You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

crucial security headers

in OCI - General 5 comments

Hi Team,

Apex version 24.2

ORDS version 23.4

DB version 19.27

Please provide an update as this is a security concern.

We have done a security vulnerability scan against our Apex application behind OCI Load Balancer with WAF integration. The scan reported the following:

"It was observed that crucial security headers are missing from the application. Below are the headers missing:
Strict Transport Security
Content Security Policy
X-Frame-Options"
 

Recommendation:

"It is recommended to implement Strict-Transport-Security (HSTS): max-age=31536000; include Subdomains; preload  
X-FRAME-OPTIONS: SAMEORIGIN / DENY
Referrer-Policy: no-referrer | same-origin | origin | strict-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()
Content security policy like: default-src 'self';
script-src 'self' https://trusted-scripts.example.com;

Tagged:

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!