Specify the HTTP security response headers for BlueCat Gateway.
- Content-Security-Policy: The HTTP response header that lets website administrators control which resources the browser is allowed to load for a given web page. Content Security Policy (CSP) is an added security layer that helps to detect and mitigate cross-site scripting (XSS) attacks, data injection attacks, and click-jacking.
- Strict Transport Security: The HTTP response header that allows a webpage to tell browsers that it should be accessed using HTTPS, instead of HTTP. As a security best practice, BlueCat recommends enabling this option.
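
To check what values for these two headers actually enforce, the following added example (not BlueCat code) audits a response's headers for the weaknesses each header is meant to address. The header values are constructed samples, and the finding names and the 180-day `MIN_HSTS_MAX_AGE` threshold are assumptions of this example, not BlueCat settings.

```python
import re

MIN_HSTS_MAX_AGE = 15552000  # assumed threshold (180 days), not a BlueCat value

def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit_headers(headers):
    """Return findings for the CSP and HSTS headers of one HTTPS response."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("csp-missing")
    else:
        policy = parse_csp(csp)
        # script-src falls back to default-src; frame-ancestors does not.
        scripts = policy.get("script-src", policy.get("default-src"))
        if scripts is None:
            findings.append("csp-scripts-unrestricted")
        elif "*" in scripts or ("'unsafe-inline'" in scripts and not any(
                s.startswith(("'nonce-", "'sha")) for s in scripts)):
            findings.append("csp-scripts-weak")
        if "frame-ancestors" not in policy:
            findings.append("csp-framing-unrestricted")  # click-jacking exposure
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("hsts-missing")
    else:
        m = re.search(r'(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', hsts, re.I)
        if m is None:
            findings.append("hsts-no-max-age")
        elif int(m.group(1)) == 0:
            findings.append("hsts-disabled")  # max-age=0 clears the policy
        elif int(m.group(1)) < MIN_HSTS_MAX_AGE:
            findings.append("hsts-short-max-age")
    return findings

# Constructed sample headers, not taken from a BlueCat Gateway deployment.
WEAK = {"Content-Security-Policy": "default-src 'self' 'unsafe-inline'",
        "Strict-Transport-Security": "max-age=0"}
GOOD = {"content-security-policy": "default-src 'self'; frame-ancestors 'none'",
        "strict-transport-security": "max-age=31536000; includeSubDomains"}
```

An empty list from `audit_headers` means none of these specific weaknesses were found; it is not a full policy review.
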
Follow the steps below to specify the content-security-policy and strict-transport-security response headers for BlueCat Gateway: