Why when I check the Response Headers of the first HTTP response I see no CSP?

No Content Security Policy is set in Streamlit pages?

(I’m using streamlit cloud to host my webpage)

Hi @Fedruscia,

I know this thread is pretty old, but wanted to update you on this issue after touching base with our development team.

Unfortunately, Streamlit doesn’t currently support setting security headers. While we are considering enhancements in this area we are not expecting any major support to be implemented in the next six months. Given that meaningful improvements to the library in this area won’t be prioritized in the near term, we recommend seeking other solutions if this is an urgent need for your use case.

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.