I ran a pen test on a Retool app and got 3 recommendations to add to the HTTP header:
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: script-src 'self'
Is it possible to add it?
Hello @Shachar_Segev1,
Yes, you can most definitely define the HTTP headers for REST API resources.
See this example: