- How to enable Content-Security-Policy in Tomcat?
- How to set Content-Security-Policy header in Tomcat 9?
- How to enable Content-Security-Policy in Apache?
How to enable Content-Security-Policy in Tomcat?
To enable the Content-Security-Policy header, set to ON. To enable the Content-Security-Policy-Report-Only header, set to REPORTONLY. Edit web.xml (in the $TOMCAT_HOME/latest/conf directory) to include the XML defining the Content Security Policy Header Filter.
How to set Content-Security-Policy header in Tomcat 9?
The XML config is based on built-in Tomcat filters, which do not support the CSP header yet. Therefore, you need to create a custom servlet filter, which can then be used in the web.xml file. You can find some of the nitty-gritty of custom filter creation in the grails-x-frame-options-plugin, which is based on the XFO header.
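A custom filter of the kind described above could look like the following. This is an added example, not code from Tomcat or from the grails plugin; the package, the class name and the `mode` and `policy` init-param names are assumptions chosen for illustration, with `mode` taking the ON and REPORTONLY values mentioned earlier.

```java
package com.example.security; // hypothetical package name

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Adds a CSP header to every response. Tomcat 9 uses javax.servlet; Tomcat 10+ uses jakarta.servlet. */
public class CspHeaderFilter implements Filter {
    private static final String ENFORCE = "Content-Security-Policy";
    private static final String REPORT_ONLY = "Content-Security-Policy-Report-Only";

    private String headerName; // null means the filter is switched off
    private String policy;

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        // "mode" and "policy" are init-param names assumed for this example.
        String mode = cfg.getInitParameter("mode");
        policy = cfg.getInitParameter("policy");
        if (mode == null || "OFF".equalsIgnoreCase(mode)) {
            headerName = null;
        } else if ("ON".equalsIgnoreCase(mode)) {
            headerName = ENFORCE;
        } else if ("REPORTONLY".equalsIgnoreCase(mode)) {
            headerName = REPORT_ONLY;
        } else {
            // Fail at startup instead of silently serving pages without a policy.
            throw new ServletException("Unknown CSP mode: " + mode);
        }
        if (headerName != null && (policy == null || policy.trim().isEmpty())) {
            throw new ServletException("CSP mode " + mode + " requires a policy init-param");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (headerName != null && res instanceof HttpServletResponse) {
            // Set the header before chain.doFilter: once the response is committed, headers are ignored.
            ((HttpServletResponse) res).setHeader(headerName, policy);
        }
        chain.doFilter(req, res);
    }
}
```

Register the class in web.xml with a `<filter>` entry carrying the two init-params and a `<filter-mapping>` for `/*`. Running with REPORTONLY first lets you see what a policy would block before it is enforced.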
How to enable Content-Security-Policy in Apache?
Content Security Policy (CSP)
CSP instructs the browser to load only allowed content on the website. All major browsers currently offer full or partial support for Content Security Policy. Save the file, then restart the Apache service to apply the changes. Save the file, then restart Nginx to implement the changes.