Versions Compared

Version Old Version 7 New Version Current
Changes made by

Mattias Löfstrand

Hanna Agerlo

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. add the name in the name field and add value in the value filed.

    Code Block
    languagexml
    <add name="X-Frame-Options" value="SAMEORIGIN" />
<add name="X-Content-Type-Options" value="nosniff" />
<add name="Referrer-Policy" value="no-referrer-when-downgrade" />
<add name="Strict-Transport-Security" value="max-age=31536000; includeSubDomains;  preload" />
<add name="Permissions-Policy" value="geolocation=(*)" />

IF customer has strict policy: 
<add name"Content-Security-Policy" value"default-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.adyen.com; style-src 'self' https://*.adyen.com;" />

IF customer does not have strict policy: 
<add name"Content-Security-Policy" value"
default-src *; font-src 'self' 'unsafe-inline';img-src * data:; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.adyen.com 'unsafe-inline' ; style-src 'self' https://*.adyen.com 'unsafe-inline';" />
Note

Depending on version the same headers may exist in AssertWeb\web.config.
Settings must then be removed from this lower level web.config for system to start.

...