
Missing Security Headers in Billing Care (Doc ID 2604604.1)

Last updated on NOVEMBER 15, 2019

Applies to:

Oracle Communications Billing and Revenue Management - Version 7.5.0.20.0 and later
Information in this document applies to any platform.

Symptoms

A check of the Billing Care application against a security checklist found that some headers are either missing from REST API responses or are present when they should not be. The check is meant to confirm that the application follows security guidelines.

Below are some recommended security headers that should be set and sent in all server responses:

 
In addition, the 'X-Powered-By: Servlet/2.5 JSP/2.1' header sent in server responses exposes unnecessary information and should be removed unless it is needed.
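The check described above can be scripted. The following is an added example, not part of the Oracle document or of Billing Care: it audits a raw response head for stack-disclosing headers such as the `X-Powered-By` value quoted above and for headers missing from a required list. The sample response and the `ASSUMED_REQUIRED` list are assumptions, since the document's own list of recommended headers is not shown here.

```python
import re

# Constructed sample response head (not captured from a real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "X-Powered-By: Servlet/2.5 JSP/2.1\r\n"
    "x-content-type-options: nosniff\r\n"
    "\r\n"
    '{"status": "ok"}'
)

# Assumption: illustrative policy only; replace with the checklist's own list.
ASSUMED_REQUIRED = ("X-Content-Type-Options", "Strict-Transport-Security")

# Headers whose only purpose is to describe the server stack.
DISCLOSING = ("x-powered-by", "server")
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")


def parse_headers(raw):
    """Return (status_line, {lowercased name: [values]}) for a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that carry no colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers


def audit(raw, required=ASSUMED_REQUIRED):
    """List (kind, header, detail) findings for one response."""
    _, headers = parse_headers(raw)
    findings = []
    for name in DISCLOSING:
        for value in headers.get(name, []):
            tokens = VERSION_TOKEN.findall(value)
            detail = "versions " + ", ".join(tokens) if tokens else "present"
            findings.append(("disclosure", name, detail))
    for name in required:  # header names are case-insensitive
        if name.lower() not in headers:
            findings.append(("missing", name, "not set"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(*finding, sep=" | ")
```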

Changes

 

Cause
