My webMethods Server 10.15 | My webMethods Server Webhelp | Administering My webMethods Server | System Administrator Functions | Managing Security | Working with Response Header Rules | Content Security Policy Settings
 
Content Security Policy Settings
You can specify custom header response rules that modify the default Content-Security-Policy header for particular server resources, or use additional JVM parameters to configure the policy globally for My webMethods Server. Use the following custom JVM parameters to enable or disable the default content security policy, or configure sources of trusted content:
*com.webmethods.content.security.disabled - The default value is false. Set to true to disable the content security policy.
*com.webmethods.content.security.hosts - Use this parameter to supply additional allowed hosts. Separate multiple values with intervals.
For more information about adding JVM properties in the custom_wrapper.conf file for My webMethods Server, see Configuring JVM Settings for My webMethods Server.
For more information about working with response header rules, see Working with Response Header Rules.