We can define Content Security Policy (CSP) through Lifetime and Service Center.

This applies the configurations we need to prevent some attacks. 

It would be great that Outsystems allowed to create a CSP in report mode only (header: Content-Security-Policy-Report-Only). This way we could test our rules before applying the CSP to the full environment.

This would also be great if this Content-Security-Policy-Report-Only mode goes to the CSP Reports tab from Outsystems.