Request Header for Html pages

Hi ,
on R12.2 and 11.5.10.2 on AIX

How can I configure/set  Request Header for Html pages ?

Thank you.

What is your purpose? Please give the details.
Also specify the name of one of the html pages that you want to customize.

Hi, Thank you.

We are asked, for security and vulnerability reasons, to set parameteres like:

X-Frame-Options same-origin

for all html pages.

Unless I'm mistaken it can be configured for all in a central configuration file.

But for exemple for login page:
<login_page oa_var="s_login_page">https://sytem_server:8040/OA_HTML/AppsLogin</login_page>

Regards.

That configuration is in oracle_apache.conf..

It is enabled by default and it protects the system against clickjacking by setting the X-Frame-Options HTTP header.

"Header set X-Frame-Options SAMEORIGIN" --> This line should be there already in the oracle_apache.conf and it will allow EBS pages to be framed by other EBS pages, but! not framed by outside EBS page

For more information ->

Oracle E-Business Suite Security Guide Release 12.2, "Using Certified HTTP Security Headers"
Document 403537.1, Secure Configuration for Oracle E-Business Suite Release 12.1, "Use Certified HTTP Security Headers"

Hi,
Thank you.

Does oracle_apache.conf exist? It may be httpd.conf?

Regards.

Yes it is in 10.1.2 Oracle Home/Apache/Apache/conf folder.

Thank you.