Jump to: navigation, search

Content Security Policy

Header Value

All server responses contains a Content-Security-Policy header. In configurations with Single Sign On (SSO) disabled its value is:

default-src 'self'; img-src 'self' data:

In configurations with SSO enabled, the value is:

default-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline';


  • 'unsafe-inline' is required by third-party libraries.
This page was last modified on December 19, 2017, at 04:03.


Comment on this article:

blog comments powered by Disqus