Contribution org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib--responseHeaders
In component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
  
  This contribution is part of XML component org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService.defaultContrib
  inside nuxeo-platform-web-common-2023.19.6.jar /OSGI-INF/web-request-controller-contrib.xml
  
You can influence this order by adding "require" tags in the containing component declaration, to make sure it is resolved after another component (see "Resolution Order" on components).
    
  
      Extension Point
Extension point responseHeaders of component RequestControllerService.Registration Order
      0
    
    
      The registration order represents the order in which this contribution was registered on its target extention
      point.
      This will impact the override/merge behaviour when it is implemented on the target service, and is useful for
      proper customization of existing contributions.
      You can influence this order by adding "require" tags in the containing component declaration, to make sure it is resolved after another component (see "Resolution Order" on components).
Contributed Items
XML Source
<extension point="responseHeaders" target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService">
    <header name="X-UA-Compatible">IE=10; IE=11</header>
    <header name="Cache-Control">no-cache</header>
    <header name="X-Content-Type-Options">nosniff</header>
    <header name="X-XSS-Protection">1; mode=block</header>
    <header name="X-Frame-Options">SAMEORIGIN</header>
    <header name="Referrer-Policy">strict-origin-when-cross-origin</header>
    <!-- this is a permissive Content-Security-Policy, which should be configured for more security -->
    <header name="Content-Security-Policy">img-src data: blob: *; default-src blob: *; script-src 'unsafe-inline' 'unsafe-eval' data: *; style-src 'unsafe-inline' *; font-src data: *</header>
  </extension>