SonarQube version Community Edition Version 8.9.6 (build 50800)
Hi,
Current SonarQube manuals don’t have any recommendation on CSP headers. Our security team is concerned on missing of the following ones: Content-Security-Policy, Referrer-Policy, Feature-Policy. Could you please confirm whether its configuration on reverse proxy side (IIS in our case) would not break anything in the SonarQube server.