Security Headers causing issues in CMS

Vote:
 

After reviewing security recommendations, Im trying to add some security headers to my site. Two headers in particualr are causing problems:

Content-Security-Policy

X-Content-Type-Options

I can set them to work on the fron end of the site but they break the CMS. How do I set these so they dont get used in the CMS?

#278011
Apr 07, 2022 13:23
Vote:
 

Have you followed this guide https://world.optimizely.com/documentation/developer-guides/CMS/security/content-security-policy/? You might also have to tweak your policy depending on if the URL is your frontend or the CMS.

#278041
Apr 07, 2022 19:10
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.