Connection Server and security server comply with certain World Wide Web Consortium (W3) standards.

  • Cross-Origin Resource Sharing (CORS) constrains client-side cross-origin requests. You can enable it by adding the entry enableCORS=true or disable it by adding the entry enableCORS=false to locked.properties.
  • Content Security Policy (CSP), which mitigates a broad class of content injection vulnerabilities, is enabled by default. You can disable it by adding the entry enableCSP=false to locked.properties.