Skip to main content

Qlik

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Announcements
Qlik Launches Open Lakehouse and advanced agentic AI experience in Qlik Answers! | LEARN MORE
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
nilesh007
Partner - Creator
‎2025-01-02 05:22 AM

CSP Content-Security-Policy header issue

Hi Community,

In Qlik sense enterprise, according to VAPT report there are some missing security headers which needs to be implemented. We are facing issue while adding the below security header in the virtual proxy.
--> Content-Security-Policy: default-src 'self'
After implementing it we are unable to access qlik getting black/grey screen.

Articles followed:

https://community.qlik.com/t5/Official-Support-Articles/Qlik-Sense-Enterprise-on-Windows-Securing-an....

How to determine string policy for Content Securit... - Qlik Community - 1715491

 

error5.JPGnetwork.JPG

459 Views
3 Replies
Ray_Strother
Support
‎2025-01-03 04:51 PM

Hello ,

Not sure if this is what you are looking . adding additional response headers : https://community.qlik.com/t5/Official-Support-Articles/How-to-add-additional-response-headers-in-Ql...
427 Views
0 Likes
bella964
Contributor
‎2025-01-04 06:23 AM

Hello,
Can u pls explain me more about this.
safeco now agent login
Best Regards

415 Views
0 Likes
nilesh007
Partner - Creator
‎2025-03-03 02:15 AM
Author

In response to Ray_Strother

Hi Ray,

Thanks for your reply. We want this header to be implemented in the virtual proxy "Content-Security-Policy: default-src 'self'" before making it live on the Internet. But according to the VAPT report, if we do not implement this header, it is not safe to make it live. We tried implementing this header, but QMC and Hub are not working after that.

227 Views
0 Likes
Top