dobak
Partner - Contributor III

Recommended policy for Content Security Policy

A customer of ours wants to set up Content Security Policy (CSP). I have learned that I can add that via Additional Response Headers in Qlik Sense QMC.

But I could not find any recommended policies for Qlik. Does anyone have experience with this?


Accepted Solutions
Jay_Brown
Support

Hi @dobak, in general, Content-Security-Policy is not something that Qlik has recommendations for. This is more of an environment hardening issue.

As part of best-effort, I can point you to the most relevant articles and discussions about this as there is some good info in there:

  1. https://community.qlik.com/t5/Official-Support-Articles/What-is-CSP-Content-Security-Policy-and-How-... 
  2. https://community.qlik.com/t5/Official-Support-Articles/How-to-add-additional-response-headers-in-Ql... 
  3. https://community.qlik.com/t5/Security-Governance/Not-able-to-apply-Content-Security-Policy-on-Qliks... 
  4. https://community.qlik.com/t5/Official-Support-Articles/How-to-determine-string-policy-for-Content-S... 
  5. https://support.qlik.com/articles/000069349 

I will say that in the field, mistakes with this hardening can sometimes break access to the environment, so it is recommended to fully research those implementations and test them in lower environments prior to deploying.

I hope that helps!

To help users find verified answers, please don't forget to mark a correct resolution or answer to your problem or question as correct.
