Content Security Policy
server/content_security_policy
Specifies whether or not the gateway will use the default content security policy.
The default policy inserts the following HTTP headers into all responses:
| header | value |
|---|---|
| x-frame-options | DENY |
| x-xss-protection | 1 |
| content-security-policy | default-src 'self'; frame-ancestors 'self'; form-action 'self'; |
| x-content-type-options | nosniff |
Property
| Name | Type | Constraints |
|---|---|---|
| content_security_policy | string | Values: default, disabledDefault value: default |
Example
server:
content_security_policy: disabled
Updated 11 months ago