How do I remove or add a security header on an interface?
Configuration Assistant on Oracle Cloud Portal
Security headers are enabled by default on Oracle B2C Service sites beginning with version 19D. By default the following headers are added to new sites that are created on version 19D or higher:
- X-Frame-Options: sameorigin
- X-XSS-Protection: 1; mode=block
- X-Content-Type-Options: nosniff
You now have the ability within the Configuration Assistant self service tool to add or remove security headers on your web pages. The header can be removed or disabled at the interface level as noted in the instructions in the following link to the Configuration Assistant documentation:
When you navigate to the Manage Security Headers section within the Configuration Assistant, security headers that have a check next to them indicate that the header is set to the default for the interface. You can uncheck the appropriate items to remove the security header and submit your changes.
Headers can also be configured at the template level in Customer Portal with use and configuration of the widgets utils/ClickjackPrevention and utils/AdvancedSecurityHeaders.