0 votes
238 views
by bruce-kulback-k-6781 (120 points)
So, we followed a number of threads and were able to run QIE on an Ubuntu 22.04 instance as a non-root user using HTTPS and a Let's Encrypt certificate. However, our security scanner is reporting that we should be setting Content Security Policy (CSP) headers and others (X-Content-Type-Options for example).

1) How can these headers be set?

2) Are there recommended values for increasing the web-interface security posture - short of blocking Internet access?

Thank you.

1 Answer

0 votes
There is not a way to change these headers for the management console. The QIE management console is not intended to be exposed to the internet; i.e., allow access only from within the local network.
by jon-t-7005 (8.2k points)