We are not sure we can do a convenient testing. Another thread (Add “Content-Security-Policy” header - Suggest new features / New features - SonarSource Community) makes us think not everything may be done on our side keeping Sonarqube fully functional.
So the question is on Sonar source recommendations for the security headers. Is there any?