I am working on implementing a Content Security Policy at my organization and didn't find the option to activate the 'Report-Only' header.


Is this not possible in Outsystems? Or do I need a trick that I don't know about.

I would really like to validate my CSP before making it final.



Hi Laurens, 

Have you tried using the AddHeader action from the HTTPRequestHandler extension ?

You can find it on Manage Dependencies.


No I haven't tried that since I don't want to go into all of my code to just add this header manually.

The way to do it now is via Lifetime so I kinda expected it to be an option there.