Missing Security Headers in Billing Care
(Doc ID 2604604.1)
Last updated on NOVEMBER 15, 2019
Applies to:
Oracle Communications Billing and Revenue Management - Version 7.5.0.20.0 and laterInformation in this document applies to any platform.
Symptoms
After running the Billing Care application by a security checklist, one has found that some header items are either missing or should not be included as part of REST API response. This is to make sure that the application follows security guidelines.
Below are some recommended security headers that should be set and sent in all server responses:
And the 'X-Powered-By: Servlet/2.5 JSP/2.1' header sent in server responses exposes unnecessary information and should be removed unless necessary.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |
References |