Configuring content security policy headers for browser based security


The Content Security Policy (CSP) is a security standard that modern browsers support to prevent malicious content from being loaded in your application. CSP restricts the sources from which content, such as scripts, images, stylesheets, and other resources, can be loaded. By configuring the CSP header, administrators can improve the overall security of applications built using the BMC Helix Innovation Suite.

BMC Helix Innovation Suite supports the following CSP Headers, as defined in the Content Security Policy (CSP) Quick Reference Guide at http://content-security-policy.com/ -

  • Object-Src
  • Script-Src
  • Style-Src
  • Img-src
  • Font-src
  • Connect-src
  • Media-src
  • Base-uri
  • Form-action​​​
  • Worker-src

To manage the CSP settings

Review the following procedures to enable or customize CSP headers for your application:

Important
Clear the browser cache after updating the CSP settings to ensure that the browser applies the latest configuration.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*