bloomreach / docs-feedback


adding information about adding values for CSP nonce and CSP hash #114

Open DirkLanghout opened 1 year ago

DirkLanghout commented 1 year ago

https://xmdocumentation.bloomreach.com/library/concepts/security/configure-security-response-headers.html

I would like to know how to add a nonce value (unique per request) to a CSP header when the CSP header is set according to this page. CSP also supports a hash option, which requires a value, so maybe add some info about hashes as well.

nvankampenhout commented 1 year ago

Hi @DirkLanghout, apologies for the delayed response. I don't think the described mechanism to set response headers through HST configuration can support a unique value per request. You'd probably have to customize at the Java level. I asked in our internal Slack but didn't receive a response, so this might not be a use case we've encountered before.

I recommend you ask this question in our community forum at https://community.bloomreach.com/ and take it up with your Bloomreach support contact.
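
As an added illustration of the Java-level customization mentioned in this thread (not code from Bloomreach or from either commenter), a plain servlet filter can generate a fresh nonce per request and also emit a hash source for a fixed inline script. It assumes the `javax.servlet` API (newer containers use `jakarta.servlet`); the class name, the `cspNonce` attribute name, the sample inline script and the policy directives are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class CspNonceFilter implements Filter {
    // Hypothetical attribute name; templates read it to emit <script nonce="...">.
    public static final String NONCE_ATTR = "cspNonce";
    // Constructed sample: exact text of an inline script the site ships unchanged.
    static final String INLINE_SCRIPT = "window.appReady = true;";
    private static final SecureRandom RNG = new SecureRandom();
    private String hashSource;
    // 128 bits from a CSPRNG, base64-encoded; a nonce is never reused across responses.
    static String newNonce() {
        byte[] buf = new byte[16];
        RNG.nextBytes(buf);
        return Base64.getEncoder().encodeToString(buf);
    }

    // CSP hash source: base64 of the SHA-256 digest of the script text, byte for byte.
    static String sha256Source(String scriptBody) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(scriptBody.getBytes(StandardCharsets.UTF_8));
        return "'sha256-" + Base64.getEncoder().encodeToString(digest) + "'";
    }

    @Override
    public void init(FilterConfig cfg) throws ServletException {
        try {
            hashSource = sha256Source(INLINE_SCRIPT); // static content: compute once
        } catch (NoSuchAlgorithmException e) {
            throw new ServletException(e);
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        String nonce = newNonce();
        req.setAttribute(NONCE_ATTR, nonce); // available to templates during rendering
        ((HttpServletResponse) res).setHeader("Content-Security-Policy",
                "script-src 'self' 'nonce-" + nonce + "' " + hashSource
                + "; object-src 'none'; base-uri 'none'");
        chain.doFilter(req, res); // header is set before the body is committed
    }

    @Override public void destroy() { }
}
```

If a static `Content-Security-Policy` header is also sent by other configuration, browsers enforce every policy they receive, so a static policy without the nonce would still block the script. Responses carrying a nonce should not be served from a shared cache, since the same nonce would then reach multiple clients.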