Connection Server and security server comply with certain World Wide Web Consortium (W3) standards.
Cross-Origin Resource Sharing (CORS), which constrains client-side cross-origin requests, is enabled by default. You can disable it by adding the entry enableCORS=false to locked.properties.
Content Security Policy (CSP), which mitigates a broad class of content injection vulnerabilities, is enabled by default. You can disable it by adding the entry enableCSP=false to locked.properties.