Add HTTP Headers
Either have the appliance implement all secure headers or allow users to add and/or change additional HTTP headers so all headers can be considered secure. Currently, there is no option to add or edit the Content-Security-Policy header.
Benjamin Rechsteiner commented
We have the same problem as @Rick Mueller.
Rick Mueller commented
Sites like Security Scorecard are negatively rating sites that do not have a CSP policy in place. Externally exposing the SMA, even if only over 443, will have the rating lowered for the organization without a CSP applied.