Hi João,

You can change your web.config file to send HTTP Security Headers using Factory Configuration forge component.

You can see here an example. 

Kind Regards,
João

Hi,

Facing the same issue. I need to configure the; 'referrer-policy' and the 'permissions-policy'. 

I found this part online regarding adding the permissions-policy to the header:

Permissions-Policy: geolocation=(self "https://example.com"), microphone=()

Can someone explain step-by-step where to add this?

Thanks! 

Regards,

Jorick

Edit: 

For permissions-policy and referrer-policy add this as new configuration and assign it to the espaces.

<?xml version="1.0" encoding="UTF-8"?>

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

    <xsl:output method="xml" indent="yes" encoding="UTF-8"/> 

    <xsl:template match="@*|node()">

        <xsl:copy>

            <xsl:apply-templates select="@*|node()"/>

        </xsl:copy>

    </xsl:template>

    <xsl:template match="/configuration/system.webServer/httpProtocol/customHeaders">

        <xsl:copy>

            <xsl:apply-templates select="@*|node()"/>

            <add name="Referrer-Policy" value="no-referrer" />

            <add name="Permissions-Policy" value="no-referrer" />

        </xsl:copy>

    </xsl:template>

</xsl:stylesheet>

Hi,

Like João Marques tried to explain.

You can follow the steps explain here  and then add the attached shared configuration to the form.

Don't forget do publish module after appling the settings in Factory Configuration.

You can check in network if the Header was applied as you expected.