Hi, for security I am looking through the possibilities Mendix offers for HTTP headers. I was wondering if others have implemented any best practices for them? I am not well versed in them and don't know how they would affect my app. By searching on Google I have found some recommendations; however, for the Referrer-Policy header and the Content-Security-Policy header I could not find concrete recommendations or how they would affect my application. What would you recommend for HTTP headers in Mendix? Thanks in advance and kind regards, Bas van Dongen
I would recommend starting with
default-src 'self' 'unsafe-inline' 'unsafe-eval'
Ideally, you wouldn't want to include the unsafe options, but unfortunately the Mendix platform needs it to run properly.
The next step is to check whether extra sources need to be added, depending on your needs.
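As an added example (not from either post, and not Mendix code): a small Python helper that parses a Content-Security-Policy value such as the one suggested above, reports where the unsafe keywords are granted, and appends an extra source to a directive. The CDN host name is a constructed placeholder; the helper also shows the pitfall that a directive added later no longer inherits from default-src.

```python
from typing import Dict, List

UNSAFE_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:  # browsers honour only the first occurrence of a directive
            policy[name] = tokens[1:]
    return policy


def serialize_csp(policy: Dict[str, List[str]]) -> str:
    """Turn the parsed form back into a header value."""
    return "; ".join(f"{name} {' '.join(srcs)}".rstrip() for name, srcs in policy.items())


def unsafe_sources(policy: Dict[str, List[str]]) -> Dict[str, List[str]]:
    """Return {directive: [unsafe keywords]} so a reviewer sees where 'unsafe-*' is granted."""
    found: Dict[str, List[str]] = {}
    for name, srcs in policy.items():
        hits = [s for s in srcs if s.lower() in UNSAFE_KEYWORDS]
        if hits:
            found[name] = hits
    return found


def add_source(policy: Dict[str, List[str]], directive: str, source: str) -> Dict[str, List[str]]:
    """Allow one extra origin for a directive.

    A directive that is absent falls back to default-src; once it is present it
    replaces that fallback entirely, so it is seeded from a copy of default-src
    rather than from an empty list (otherwise 'self' would silently be lost).
    """
    if directive not in policy:
        policy[directive] = list(policy.get("default-src", []))
    if source not in policy[directive]:
        policy[directive].append(source)
    return policy


if __name__ == "__main__":
    # Constructed input: the starting policy recommended above, plus one extra script host.
    policy = parse_csp("default-src 'self' 'unsafe-inline' 'unsafe-eval'")
    print(unsafe_sources(policy))  # shows which directives carry the unsafe keywords
    add_source(policy, "script-src", "https://cdn.example.com")  # placeholder host
    print(serialize_csp(policy))
```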