You are using third party security scan tool to check a EP system and it reports issue "Missing Content-Security-Policy header" as a risk. The text may look like below.
Missing Content-Security-Policy header
Risk: It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
It is possible to persuade a naive user to supply sensitive information such as a username, password, credit card number, social security number etc.
Fix: Config your server to use the "Content-Security-Policy" header
security risk, security vulnerability, Content-Security-Policy , KBA , EP-PIN-PRT , Portal Runtime , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.