HTTP Security header support
We need the Optimizely platform to support the following HTTP security response headers:
- Permissions-Policy
- Content-Security-Policy
These headers are essential for instructing browsers on how to handle website content securely. They enhance overall security by enforcing specific rules, such as preventing cross-site scripting (XSS) and clickjacking attacks.
Our cybersecurity provider is now requiring that these policies be implemented on all public-facing web servers. As such, support for these headers is a critical requirement moving forward.
Please advise on the platform’s capability to support and configure these headers.

-
Team - I would like to elaborate on this. Based on Ticket #1604240, the original request was to increase the CSP value limit. We do have a setting, but the issue their partner was seeing when using it was that they were exceeding the length limit.
-
Brent Miller commented
Content-Security-Policy is supported: https://support.optimizely.com/hc/en-us/articles/17474520779405-Set-security-headers
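
An added example, not part of the thread or Optimizely's own code: a check that a response carries both requested headers and that the CSP actually restricts framing and inline script, the clickjacking and XSS cases named in the request. The header values and the `max_csp_len` parameter are constructed; the thread mentions a length limit but does not state its value.

```python
REQUIRED = ("content-security-policy", "permissions-policy")

def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(headers, max_csp_len=None):
    """Return findings for a dict of response headers.

    max_csp_len is a hypothetical platform limit in bytes (assumption).
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = [f"missing {name}" for name in REQUIRED if name not in h]
    raw = h.get("content-security-policy")
    if raw is None:
        return findings
    csp = parse_csp(raw)
    # Clickjacking: frame-ancestors does not fall back to default-src.
    if "frame-ancestors" not in csp:
        findings.append("csp: no frame-ancestors (framing not restricted)")
    # XSS: script-src falls back to default-src when it is absent.
    scripts = csp.get("script-src", csp.get("default-src"))
    if scripts is None:
        findings.append("csp: no script-src or default-src")
    else:
        low = [s.lower() for s in scripts]
        # A nonce or hash makes browsers ignore 'unsafe-inline'.
        strict = any(s.startswith(("'nonce-", "'sha")) for s in low)
        if "'unsafe-inline'" in low and not strict:
            findings.append("csp: script-src allows 'unsafe-inline'")
    size = len(raw.encode())
    if max_csp_len is not None and size > max_csp_len:
        findings.append(f"csp: {size} bytes exceeds limit {max_csp_len}")
    return findings

# Constructed sample responses.
WEAK = {"Content-Security-Policy":
        "default-src 'self'; script-src 'self' 'unsafe-inline'"}
HARDENED = {
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "Permissions-Policy": "geolocation=(), camera=(), microphone=()",
}
```
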