Does Oracle HTTP Server Support Content Security Policy (CSP) Content-Security-Policy-Report-Only Header and report-uri Header Value (Doc ID 2698559.1)

Last updated on SEPTEMBER 11, 2023

Applies to:

Oracle HTTP Server - Version 11.1.1.2.0 and later
Information in this document applies to any platform.

Goal

Explain Oracle HTTP Server's role with Content-Security-Policy(CSP) usage.
Using following two questions as example.

Does OHS support the "report-uri" directive of CSP? e.g.
Header set Content-Security-Policy: "default-src 'self'; report-uri /<APP_NAME>"
Header set Content-Security-Policy: "default-src 'self'; report-uri https://<FQDN>/<APP_NAME>"

Does OHS support the CSP Report Only header "Content-Security-Policy-Report-Only"? e.g.
Header set Content-Security-Policy-Report-Only: "default-src 'self'; report-uri /<APP_NAME>"

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Does Oracle HTTP Server Support Content Security Policy (CSP) Content-Security-Policy-Report-Only Header and report-uri Header Value (Doc ID 2698559.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!