Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Anjani Kumar Ponnam (AnjaniKumarP0301)
E-Pragati

E-Pragati
IN
AnjaniKumarP0301 Member since 2020 11 posts
E-Pragati
Posted: Jul 24, 2020
Last activity: Apr 30, 2021
Posted: 24 Jul 2020 4:37 EDT
Last activity: 30 Apr 2021 17:07 EDT
Closed

Missing Security headers

Web Browser XSS Protection is nor enabled, or is disabled by the configuration of X-XSS – Protection HTTP response header on the web server Content Security Policy (CSP) is an effective "defence in depth" technique to be used against content injection attacks. It is a declarative policy that informs the user agent what are valid sources to load from.

There is no direct impact of not implementing CSP and XSS on your website. However, if your website is vulnerable to a Cross-site Scripting attack CSP can prevent successful exploitation of that vulnerability.

***Edited by Moderator Marissa to change type from General to Product, update Product details and Platform Capability tags****
To see attachments, please log in.
Pega Platform
Security

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice