Is it possible to add custom HTTP headers?

Hi community, A security firm had conducted a penetration test on our application. They advised us to set the Content-Security-Policy (CSP) HTTP header to control (white-list) the externally loaded resources like script, fonts, style, etc. Is it possible to add custom HTTP headers in serving Mendix container? Kind regards, Johan ___ I requested this feature in an idea:
3 answers

We had similar advise from a security firm, and sent a request to mendix for implementing the header. I don't think it is currently possible to add your own headers in mendix. 



We have recently added the possibility to add customer headers in Cloud v4. See paragraph 4.2 of

Kind regards,

Tom de Groot

Product Manager Mendix Cloud


He Tom, 

Long time no see ;). Question: when updating these headers with the Content-Security-Policy and restarting the application. The current value has been filled with my new Content-Security-Policy line. However when I check via inspector if my new custom Content-Security-Policy has been applied, I still see the old one. 

The real question is: how long does it take after restart to update the headers to be applied with the set values in Sprintr?