Content Security Policy (CSP)

Content Security Policy (CSP) is crucial for preventing certain types of security threats, including cross-site scripting (XSS), clickjacking, and code injection attacks. By defining which sources of content a web page is allowed to load and execute, CSP significantly reduces the risk of malicious scripts being injected into the website, ensuring a safer browsing experience.

To install CSP:
  1. Open a command prompt.
  2. Run the following command:
    appcmd.exe set config /section:httpProtocol /+customHeaders.["name='Content-Security-Policy',value='default-src ''self''; style-src ''self'' ''unsafe-inline''; script-src ''self'' ''unsafe-inline'' ''unsafe-eval''; img-src ''self'' *.oracle.com *.oracleindustry.com data:; connect-src ''self'' *.oracleindustry.com; frame-src ''self'' apexapps.oracle.com hsgbu.custhelp.com hsgbu-jp.custhelp.com *.oracle.com *.oracleindustry.com' "] /commit:apphost
  3. Perform an IIS reset.
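
To confirm after the IIS reset that the site returns the policy that was configured, the following PowerShell compares the two directive by directive. It is an added example, not part of the original procedure; the function names, the sample served header, the placeholder URL and the assumption that appcmd stores each doubled single quote as one quote are this example's own.

```powershell
# Added example: compare the policy configured with appcmd against the header a site returns.
function ConvertFrom-CspPolicy {
    param([string]$Policy)
    $directives = [ordered]@{}
    foreach ($part in ($Policy -split ';')) {
        $tokens = @($part.Trim() -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -eq 0) { continue }
        $name = $tokens[0].ToLowerInvariant()
        # Browsers ignore a repeated directive, so keep the first occurrence only.
        if (-not $directives.Contains($name)) {
            $directives[$name] = @($tokens | Select-Object -Skip 1)
        }
    }
    return $directives
}

function Compare-CspPolicy {
    param([string]$Expected, [string]$Actual)
    $want = ConvertFrom-CspPolicy $Expected
    $have = ConvertFrom-CspPolicy $Actual
    $names = @($want.Keys) + @($have.Keys) | Select-Object -Unique
    foreach ($name in $names) {
        # Order of source expressions does not matter, so compare them sorted.
        if (-not $have.Contains($name)) { $status = 'missing' }
        elseif (-not $want.Contains($name)) { $status = 'unexpected' }
        elseif ((($want[$name] | Sort-Object) -join ' ') -ne
                (($have[$name] | Sort-Object) -join ' ')) { $status = 'differs' }
        else { $status = 'ok' }
        [pscustomobject]@{ Directive = $name; Status = $status; Served = $have[$name] -join ' ' }
    }
}

# Policy value from the appcmd command above, wrapped across lines for readability.
$appcmdValue = @'
default-src ''self''; style-src ''self'' ''unsafe-inline'';
script-src ''self'' ''unsafe-inline'' ''unsafe-eval'';
img-src ''self'' *.oracle.com *.oracleindustry.com data:;
connect-src ''self'' *.oracleindustry.com;
frame-src ''self'' apexapps.oracle.com hsgbu.custhelp.com hsgbu-jp.custhelp.com *.oracle.com *.oracleindustry.com
'@
# Assumption: appcmd stores each doubled single quote as one literal quote.
$expected = $appcmdValue -replace "''", "'"

# Constructed sample of a served header (not captured output). Against a live site, use instead:
# $actual = (Invoke-WebRequest -Uri 'https://server.example/' -UseBasicParsing).Headers['Content-Security-Policy']
$actual = "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src data: 'self' *.oracle.com *.oracleindustry.com; connect-src 'self' *.oracleindustry.com"

Compare-CspPolicy -Expected $expected -Actual $actual | Format-Table -AutoSize
```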