Security headers in load balancer
Hi Team,
Need your expertise.
We have an OCI load balancer as the front end to our APEX application.
Our application was scanned by a third-party team, who shared the below vulnerability.
We have to add the below security headers with the below recommendation in the load balancer. Is it supported? We have gone through the load balancer documentation but found no reference to Content Security Policy. Does the LB support this, or do we have to set it in the app server? Please kindly guide us.
Vulnerability: Missing Security Headers
Affected urls:
https://api.****.org/ords/API/oauth/token
https://api.*****.org/ords/API/receipt_creation
Observation:
"It was observed that crucial security headers are missing from the application. Below are the headers missing: