Summary
You can turn on the HTTP Content Security Policy (CSP) header for your portal. This optional feature is part of good security practice for Software as a Service (SaaS).
This feature is available for all customers.
The CSP header restricts how resources like JavaScript load in your browser. This restriction can help protect your portal from cross-site scripting (XSS) attacks.
Note: turning on this header disables most browser plugins.
Discuss this feature with your IT team to understand how it affects browser function for the portal.
By default, the CSP header is turned off for each portal.
Sub-portals do not inherit a CSP setting from a top-level portal. You set each portal and sub-portal separately. If one portal requires browser plugins for your organization’s needs, and others don’t, you can set the permissions as required.
Access permissions
Admins who can access portal settings can set this feature on or off.
See Portal setup: create admin accounts for background.
Set CSP header for your portal
- From the main navigation, go to Settings > Security > Security Features.
- From Security Features, select Enable CSP header.
- Save to finish.
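Because each portal and sub-portal is set separately, it is worth confirming the header per host after saving. The following Python sketch is an added example, not vendor code: the hostnames and header values are constructed samples, and the check for weak script sources goes beyond what this page describes.

```python
# Added example. Hostnames and header values are constructed samples,
# not output from any real portal.
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def weak_script_sources(policy):
    """Script sources that give back most of what CSP takes from XSS."""
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src", []))
    weak = [s for s in sources if s in ("'unsafe-eval'", "*")]
    # Browsers ignore 'unsafe-inline' once a nonce or hash source is present.
    if "'unsafe-inline'" in sources and not any(s.startswith(HASH_OR_NONCE) for s in sources):
        weak.append("'unsafe-inline'")
    return weak

def audit(captures):
    """Map each host to (status, weak sources) from its response headers."""
    report = {}
    for host, headers in captures.items():
        found = {name.lower(): value for name, value in headers}
        if "content-security-policy" in found:
            policy = parse_csp(found["content-security-policy"])
            report[host] = ("enforced", weak_script_sources(policy))
        elif "content-security-policy-report-only" in found:
            report[host] = ("report-only", [])  # violations logged, nothing blocked
        else:
            report[host] = ("missing", [])      # the default state for a portal
    return report

CAPTURES = {  # constructed: one top-level portal and two sub-portals
    "portal.example.com": [("Content-Type", "text/html"),
        ("Content-Security-Policy", "default-src 'self'; script-src 'self'")],
    "hr.portal.example.com": [("Content-Type", "text/html")],
    "it.portal.example.com": [("Content-Type", "text/html"),
        ("Content-Security-Policy", "default-src 'self' 'unsafe-inline'")],
}

if __name__ == "__main__":
    for host, (status, weak) in audit(CAPTURES).items():
        print(f"{host}: {status} {' '.join(weak)}")
```

In practice, fill the captures with the response headers your browser's developer tools show for each portal's login page.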
The following screenshot shows the CSP header feature in its default setting.