Content Security Policy Enabled by Default

The Content Security Policy (CSP) feature initially released in the 25.10 cloud service release is enabled by default in this release. Refer to the 25.10 What's New document for more information about this feature.

Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. The primary use case for CSP is to control which resources, in particular JavaScript resources, a document is allowed to load. By enabling this response header, customer gets the security benefits related to this.

Steps to enable and configure

You don't need to do anything to enable this feature.

Key resources

Refer to Content Security Policy in the Oracle Utilities Cloud Services Implementation Guide and Request to Add Substitute Variable Values in the Oracle Utilities Cloud Services Cloud Operations Guide for more information.