Missing Security Headers in Billing Care (Doc ID 2604604.1)

Last updated on APRIL 16, 2021

Applies to:

Oracle Communications Billing and Revenue Management - Version 7.5.0.20.0 and later
Information in this document applies to any platform.

Symptoms

After running the Billing Care application by a security checklist, one has found that some header items are either missing or should not be included as part of REST API response. This is to make sure that the application follows security guidelines.

Below are some recommended security headers that should be set and sent in all server responses:

And the 'X-Powered-By: Servlet/2.5 JSP/2.1' header sent in server responses exposes unnecessary information and should be removed unless necessary.

Changes

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

Missing Security Headers in Billing Care (Doc ID 2604604.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!