SAP Knowledge Base Article - Preview

2487042 - Security Scan Shows "Missing Content-Security-Policy header" risk


You are using a third-party security scan tool to check an EP system, and it reports the issue "Missing Content-Security-Policy header" as a risk. The report text may look like the following.


Missing Content-Security-Policy header

Risk: It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.

        It is possible to persuade a naive user to supply sensitive information such as a username, password, credit card number, social security number etc.

Fix: Config your server to use the "Content-Security-Policy" header




NetWeaver AS Java all releases


SAP NetWeaver all versions


security risk, security vulnerability, Content-Security-Policy, KBA, EP-PIN-PRT, Portal Runtime, BC-JAS-WEB, Web Container, HTTP, JavaMail, Servlets, Problem
