The HTTP Content Security Policy response header helps secure the Controller webpages and enhances the overall security of Splunk AppDynamics components.

By default, the Content Security Policy (CSP) is disabled in Splunk AppDynamics On-Premises. To enable it, configure the required account as follows:

  1. Log in to the Administration Console as the root user.
  2. Select Account Settings.
  3. In Accounts & Licenses, select the Account Name for which you want to enable CSP, then click Edit.
  4. In Account Properties, add the following properties:
    • contentSecurityPolicy: Set it to true. This property enables the CSP header.
    • script-src: (Optional) Specify the sources that are allowed to execute JavaScript on the Controller webpage. To add multiple sources, separate them with spaces.
    • object-src: (Optional) Specify the sources that are allowed for <object> and <embed> elements. To add multiple sources, separate them with spaces. Setting the value to 'none' blocks the loading of any browser plugins.

  5. Click Save.
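
After saving, it is worth confirming what a Controller response actually carries. The following check is an added example, not Splunk AppDynamics code: it audits the script-src and object-src directives of a Content-Security-Policy response header. The sample headers are constructed, and it assumes the Controller sends the configured values in the standard header.

```python
# Added example: audit a Content-Security-Policy header value (constructed samples).
RISKY_SCRIPT_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}

def parse_csp(header_value):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy

def effective(policy, directive):
    """script-src and object-src fall back to default-src when absent."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")

def audit_csp(headers):
    """headers: dict of response headers. Returns a list of findings (empty = none)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "content-security-policy"), None)
    if value is None:
        return ["no Content-Security-Policy header (CSP not enabled for this account)"]
    policy = parse_csp(value)
    findings = []
    script = effective(policy, "script-src")
    if script is None:
        findings.append("script-src not restricted (no script-src or default-src)")
    else:
        for src in script:
            if src.lower() in RISKY_SCRIPT_SOURCES:
                findings.append(f"script-src allows broad source {src}")
    obj = effective(policy, "object-src")
    if obj is None:
        findings.append("object-src not restricted (no object-src or default-src)")
    elif obj and [s.lower() for s in obj] != ["'none'"]:
        findings.append("object-src is not 'none'; plugin content may still load")
    return findings

# Constructed sample headers, not captured from a real Controller.
SAMPLE_OFF = {"Content-Type": "text/html"}
SAMPLE_WEAK = {"Content-Security-Policy": "script-src 'self' 'unsafe-inline' https://cdn.example.com"}
SAMPLE_OK = {"content-security-policy": "script-src 'self' https://cdn.example.com; object-src 'none'"}

if __name__ == "__main__":
    for name, sample in [("off", SAMPLE_OFF), ("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)]:
        print(name, audit_csp(sample))
```

To check a live account, pass in the response headers from a request to a Controller page in place of the samples.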