Question

9
Replies
5138
Views
Kyra Tijhuis (KyraT490)
Atos
PCLSA
Atos
NL
KyraT490 Member since 2016 2 posts
Atos
Posted: October 9, 2017
Last activity: October 16, 2018
Posted: 9 Oct 2017 10:00 EDT
Last activity: 16 Oct 2018 12:03 EDT
Closed
Solved

Content Security Policy headers in response

After configuring my application to use a certain Content Security Policy I expect the CSP headers (Content-Security-Policy, X-Content-Security-Policy and X-Webkit-CSP) to be part of every document/xhr response I get from Pega. However, quite a number of (mostly document) reponses do not contain these headers. I haven't figured out a pattern yet, but I'm wondering:

Is there a reason for this behavior? Is there a way to change the behavior so the CSP headers are always part of the response?

***Updated by moderator: Lochan to add SR details***

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Security Support Case Created
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.