The csp-enabled Element

since 10.3.0

Syntax:

<csp-enabled>true|false</csp-enabled>

[Default: false]

<system-config>
    <csp-enabled>true</csp-enabled>
</system-config>

Setting this to true applies the Content-Security-Policy response header with the following default directive:

script-src 'self' 'unsafe-inline' 'unsafe-eval';

This property must be enabled for the other CSP properties to take effect.
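An added example, not part of the original documentation or the project's code: a Python check that reads the csp-enabled setting from a configuration file and compares it with the Content-Security-Policy header observed on a response, listing the script-src keywords that header allows. The function names, the `<zk>` root element and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Default directive quoted on this page.
DEFAULT_POLICY = "script-src 'self' 'unsafe-inline' 'unsafe-eval';"
# Source keywords that permit inline scripts and eval() (standard CSP semantics).
WEAK_KEYWORDS = ("'unsafe-inline'", "'unsafe-eval'")
# Constructed sample configuration; the <zk> root element is an assumption.
SAMPLE_ZK_XML = "<zk><system-config><csp-enabled>true</csp-enabled></system-config></zk>"

def csp_enabled(zk_xml):
    """Effective <csp-enabled> value; the documented default is false."""
    root = ET.fromstring(zk_xml)
    for cfg in root.iter("system-config"):
        elem = cfg.find("csp-enabled")
        if elem is not None and elem.text:
            # Assumption: the first occurrence is the one that applies.
            return elem.text.strip() == "true"
    return False

def parse_policy(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # Browsers ignore a repeated directive, so keep the first one.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def audit(zk_xml, header_value):
    """Compare the configuration with the header observed on a response."""
    findings = []
    if not csp_enabled(zk_xml):
        findings.append("csp-enabled is false or absent")
    elif header_value is None:
        findings.append("csp-enabled is true but no CSP header was observed")
    if header_value is not None:
        policy = parse_policy(header_value)
        if policy == parse_policy(DEFAULT_POLICY):
            findings.append("header is the default directive")
        # script-src falls back to default-src when it is not present.
        sources = policy.get("script-src", policy.get("default-src", []))
        findings += [f"script-src allows {kw}" for kw in WEAK_KEYWORDS if kw in sources]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_ZK_XML, DEFAULT_POLICY))
```

Pass `None` as the header value when the response carried no Content-Security-Policy header.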

See full documentation entry.