The Content-Security-Policy (CSP), which reduces the risk of XSS based attacks for browsers by declaring which dynamic resources are allowed to load in the browser, is set to enabled by default in this release. In past releases this was considered an opt-in feature but is now considered an opt-out feature to increase security compliance for extensions. For more information refer to Enhanced Security with Content Security Policy in Oracle Utilities Application Framework (Document ID 2939222.1) on My Oracle Support.