https://community.qlik.com/t5/Management-Governance/recommended-policy-for-Content-Security-Policy/m-p/2089402#M29701 <P>a customer of ours wants to setup Content Security Policy (CSP). i have learned that i can add that via Additional Response Headers in Qlik Sense QMC.</P> <P>&nbsp;</P> <P>but i could not find any recommended policies for Qlik. does anyone have experience with this?</P> <P>&nbsp;</P> Fri, 30 Jun 2023 07:32:53 GMT dobak 2023-06-30T07:32:53Z https://community.qlik.com/t5/Management-Governance/recommended-policy-for-Content-Security-Policy/m-p/2089402#M29701 <P>a customer of ours wants to setup Content Security Policy (CSP). i have learned that i can add that via Additional Response Headers in Qlik Sense QMC.</P> <P>&nbsp;</P> <P>but i could not find any recommended policies for Qlik. does anyone have experience with this?</P> <P>&nbsp;</P> Fri, 30 Jun 2023 07:32:53 GMT https://community.qlik.com/t5/Management-Governance/recommended-policy-for-Content-Security-Policy/m-p/2089402#M29701 dobak 2023-06-30T07:32:53Z https://community.qlik.com/t5/Management-Governance/recommended-policy-for-Content-Security-Policy/m-p/2089614#M29702 <P>Hi&nbsp;<a href="https://community.qlik.com/t5/user/viewprofilepage/user-id/218817">@dobak</a>&nbsp;,&nbsp;In general, Content-Security-Policy is not something that Qlik has recommendations for. This is more of an environment hardening issue.</P> <P>As part of best-effort, I can point you to the most relevant articles and discussions about this as there is some good info in there:</P> <OL> <LI><A href="https://community.qlik.com/t5/Official-Support-Articles/What-is-CSP-Content-Security-Policy-and-How-does-it-Relate-to/ta-p/1710258" target="_blank">https://community.qlik.com/t5/Official-Support-Articles/What-is-CSP-Content-Security-Policy-and-How-does-it-Relate-to/ta-p/1710258</A>&nbsp;</LI> <LI><A href="https://community.qlik.com/t5/Official-Support-Articles/How-to-add-additional-response-headers-in-Qlik-Sense/ta-p/1717563" target="_blank">https://community.qlik.com/t5/Official-Support-Articles/How-to-add-additional-response-headers-in-Qlik-Sense/ta-p/1717563</A>&nbsp;</LI> <LI><A href="https://community.qlik.com/t5/Security-Governance/Not-able-to-apply-Content-Security-Policy-on-Qliksense/td-p/1998893" target="_blank">https://community.qlik.com/t5/Security-Governance/Not-able-to-apply-Content-Security-Policy-on-Qliksense/td-p/1998893</A>&nbsp;</LI> <LI><A href="https://community.qlik.com/t5/Official-Support-Articles/How-to-determine-string-policy-for-Content-Security-Policy/ta-p/1715491" target="_blank">https://community.qlik.com/t5/Official-Support-Articles/How-to-determine-string-policy-for-Content-Security-Policy/ta-p/1715491</A>&nbsp;</LI> <LI><A href="https://support.qlik.com/articles/000069349" target="_blank">https://support.qlik.com/articles/000069349</A>&nbsp;</LI> </OL> <P>I will say that in the field, mistakes with this hardening can sometimes break access to the environment so it is recommended to fully research those implementations and test them in lower environments prior to deploying.</P> <P>I hope that helps!</P> Fri, 30 Jun 2023 15:43:06 GMT https://community.qlik.com/t5/Management-Governance/recommended-policy-for-Content-Security-Policy/m-p/2089614#M29702 Jay_Brown 2023-06-30T15:43:06Z