Question

Anjani Kumar Ponnam (AnjaniKumarP0301)
E-Pragati
Posted: July 24, 2020
Last activity: April 30, 2021

Missing Security headers

Web Browser XSS Protection is not enabled, or is disabled by the configuration of the X-XSS-Protection HTTP response header on the web server. Content Security Policy (CSP) is an effective "defence in depth" technique to be used against content injection attacks. It is a declarative policy that informs the user agent what are valid sources to load from.

There is no direct impact of not implementing CSP and XSS on your website. However, if your website is vulnerable to a Cross-site Scripting attack, CSP can prevent successful exploitation of that vulnerability.

***Edited by Moderator Marissa to change type from General to Product, update Product details and Platform Capability tags****
Pega Platform Security