Question

9
Replies
4937
Views
Close popover
Kyra Tijhuis (KyraT490)
Atos
PCLSA
Atos
NL
KyraT490 Member since 2016 2 posts
Atos
Posted: October 9, 2017
Last activity: October 16, 2018
Closed
Solved

Content Security Policy headers in response

After configuring my application to use a certain Content Security Policy I expect the CSP headers (Content-Security-Policy, X-Content-Security-Policy and X-Webkit-CSP) to be part of every document/xhr response I get from Pega. However, quite a number of (mostly document) reponses do not contain these headers. I haven't figured out a pattern yet, but I'm wondering:

Is there a reason for this behavior? Is there a way to change the behavior so the CSP headers are always part of the response?

***Updated by moderator: Lochan to add SR details***

**Moderation Team has archived post**

This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.

Security Support Case Created
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.