So, we followed a number of threads and were able to run QIE on an Ubuntu 22.04 instance as a non-root user using HTTPS and a Let's Encrypt certificate. However, our security scanner is reporting that we should be setting Content Security Policy (CSP) headers and others (X-Content-Type-Options, for example).
1) How can these headers be set?
2) Are there recommended values for increasing the web-interface security posture - short of blocking Internet access?
Thank you.