We had similar advise from a security firm, and sent a request to mendix for implementing the header. I don't think it is currently possible to add your own headers in mendix.
Hi,
We have recently added the possibility to add customer headers in Cloud v4. See paragraph 4.2 of https://docs.mendix.com/developerportal/deploy/environments-details.
Kind regards,
Tom de Groot
Product Manager Mendix Cloud
He Tom,
Long time no see ;). Question: when updating these headers with the Content-Security-Policy and restarting the application. The current value has been filled with my new Content-Security-Policy line. However when I check via inspector if my new custom Content-Security-Policy has been applied, I still see the old one.
The real question is: how long does it take after restart to update the headers to be applied with the set values in Sprintr?