On this page can set the __Content Security Policy (CSP)__ and various other security HTTP headers.\\
\\
External link\\ 
[https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP|https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP]
\\ 
[{Image src='webinterfacecsp.jpg' width='..' height='..' align='left' style='..' class='..' }]\\
\\
The CSP header comes with default policy 
{{{
Content-Security-Policy: default-src 'self' data: 'unsafe-inline' 'unsafe-eval'
}}}
\\\
not visible in the GUI. The __Domains Allowed__ field extend the policy with external source domain directives.\\
\\
The __Other Headers__ section allows adding miscellaneous headers, the format required is\\ 
{{{
Header-Name:header value #1;header value #2;
}}}
We set the following security headers by default:\\
\\
*__STS__ [External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security]
*__Referrer-Policy__ [External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy]
*__X-Content-Type__ [External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options]
*__XSS policy headers__ [External link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection]
\\
Can add up to 20 additional headers in this section. This may be extended in future releases.\\