Webapp HTTP Headers

Rundeck adds these HTTP headers to responses by default:

X-Frame-Options: deny
X-XSS-Prevention: 1
X-Content-Type-Options: nosniff
Content-Security-Policy: ...

You can configure these, or add additional custom headers with the configuration settings described in Rundeck Configuration - Configuration File Reference - Security Http Headers.

(Since 3.0.13)

# Webapp HTTP Headers