Skip to main content


         This documentation site is for previous versions. Visit our new documentation site for current releases.      
 

This content has been archived and is no longer being updated.

Links may not function; however, this content may be relevant to outdated versions of the product.

Securing your application with a content security policy

Updated on July 1, 2021

You can use content security policies to indicate from where your application can load resources, which makes your application more secure. To view or update the content security policies in your application, or to view the content security policies that are available in Pega Platform, do one of the following actions.

  • To specify a content security policy for your application, complete the following steps.
    1. In the Dev Studio header, click Application nameDefinition.
    2. On the Application form, click the Integration & security tab.
    3. In the Policy name field, press the Down Arrow key, and then select the name of a content security policy.
    4. Specify whether to enforce the policy, or to merely report usage of the policy, by clicking one of the following.
      • Reject and report – Enforce the policy
      • Report only – Report, but do not enforce the policy
    5. Click Save.
  • To view the content security policy for your application, in the Dev Studio header, click Application nameDefinition, and then click the Integration & security tab.
  • To list all the content security policies that are available to you, in the navigation panel, click RecordsSecurityContent Security Policy.
  • Previous topic Mapping an endpoint to a cross-origin resource sharing (CORS) policy
  • Next topic Content security policies

Have a question? Get answers now.

Visit the Support Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice
Contact us