“Content-Security-Policy” header
Hello,
We want to add the “Content-Security-Policy” header to the OpsManager/MongoDB answers to increase the security level:
frame-ancestors 'none' (Do not render in frames)
script-src 'self': only loads scripts originating on the site (subdomains excluded)
default-src 'none': recommended for services returning HTML.
Could you please tell us how to set up these elements ?
Thank you in advance for your support.
Regards
7
votes
![](https://secure.gravatar.com/avatar/e9dbf7d2f7093ba36469943ee24728e1?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)
-
Daouda [not provided] commented
very important for security level