Security headers in load balancer — Cloud Customer Connect

Security headers in load balancer

Hi Team,

Need your expertise.

We have an OCI load balancer as the front end to our APEX application.

Our application was scanned by a third-party team, which shared the below vulnerability.

We have to add the below security headers, with the below recommendation, in the load balancer. Is it supported? We have gone through the load balancer documentation but found no reference to Content Security Policy. Does the LB support this, or do we have to set it in the app server? Please kindly guide us.

Vulnerability: Missing Security Headers

Affected urls:
https://api.****.org/ords/API/oauth/token
https://api.*****.org/ords/API/receipt_creation

Observation:

"It was observed that crucial security headers are missing from the application. Below are the headers missing:
