Keeping user data secure and platforms protected from modern web threats is an ongoing responsibility. In our latest release, we’ve added a new tenant-level feature focused on strengthening browser-side security through improved HTTP headers and Content Security Policy (CSP) management.
Available exclusively in the Admin UI under the Security menu, this feature—ChimeV5.SecurityHeaders—provides visibility, control, and reporting tools designed to meet industry security standards and respond to penetration testing guidance.
This release introduces platform-wide HTTP header configuration and CSP policy enhancements, with a clear goal: improve defense against modern web vulnerabilities like cross-site scripting (XSS), data injection, and unsafe resource loading.
In addition to deploying a stronger security baseline across the platform, the system also supports CSP violation reporting—giving administrators insight into where potential issues are occurring, in real time.
This dashboard view allows administrators to monitor Content Security Policy violations over a selected date range. It offers visual reporting to help teams identify when and how frequently policy violations are occurring, making it easier to spot patterns, flag high-risk scripts, or detect misconfigurations before they become serious issues.
This page displays the currently applied HTTP security headers across the tenant. It includes critical values like Content-Security-Policy, Strict-Transport-Security, X-Frame-Options, and more. Admins can use this page to verify that protective headers are deployed correctly and consistently, ensuring alignment with expected security baselines.
For more granular inspection, this searchable table view allows administrators to explore individual CSP violation events. The interface supports date filtering and column sorting, enabling easy detection of specific policy breaches, affected endpoints, or resource types. This makes troubleshooting and fine-tuning CSP configurations much more manageable.
This page surfaces the stored VspViolationItem content items that represent recorded violation events. It offers a structured look at the raw data behind the reporting dashboards, ideal for audit trails, compliance review, or integration into larger security workflows.
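To show the kind of raw data behind the violation dashboard and event table described above, here is an added example (not the platform's own code) that parses browser CSP reports and counts them per day and per directive and blocked source. It assumes the standard `csp-report` JSON body that browsers send to a `report-uri` endpoint and a collector-stamped receive date; how the platform stores these fields in its content items is not shown on this page.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample input: (date received, raw report body). The date is
# assumed to be stamped by the collector; the report body has no timestamp.
SAMPLE_REPORTS = [
    ("2024-05-01", '{"csp-report": {"document-uri": "https://app.example.test/login", '
                   '"effective-directive": "script-src-elem", "blocked-uri": "https://cdn.example.net/widget.js"}}'),
    ("2024-05-01", '{"csp-report": {"document-uri": "https://app.example.test/login", '
                   '"violated-directive": "script-src \'self\'", "blocked-uri": "inline"}}'),
    ("2024-05-02", '{"csp-report": {"document-uri": "https://app.example.test/account", '
                   '"effective-directive": "img-src", "blocked-uri": "https://tracker.example.org/p.gif"}}'),
    ("2024-05-02", "not json"),       # malformed body
    ("2024-05-02", '{"other": 1}'),   # valid JSON, wrong shape
]

def blocked_source(blocked_uri):
    """Reduce a blocked-uri to its origin; keep keywords like 'inline' or 'eval'."""
    parts = urlsplit(blocked_uri)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked_uri or "(empty)"

def parse_report(raw):
    """Return (directive, blocked source), or None if the body is unusable.
    Reports are unauthenticated input, so every field is coerced to str."""
    try:
        body = json.loads(raw)["csp-report"]
        directive = str(body.get("effective-directive")
                        or body.get("violated-directive") or "(unknown)")
        source = blocked_source(str(body.get("blocked-uri") or ""))
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    return (directive.split() or ["(unknown)"])[0], source

def summarize(reports):
    """Count violations per day and per (directive, blocked source)."""
    per_day, per_rule, rejected = Counter(), Counter(), 0
    for day, raw in reports:
        parsed = parse_report(raw)
        if parsed is None:
            rejected += 1   # track junk separately so it cannot skew the chart
        else:
            per_day[day] += 1
            per_rule[parsed] += 1
    return per_day, per_rule, rejected

if __name__ == "__main__":
    print(summarize(SAMPLE_REPORTS))
```

Grouping by origin rather than full URL keeps one noisy third-party host from appearing as hundreds of distinct rows.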
Security headers and CSP policies provide crucial defense at the browser level—often stopping threats before they even interact with your application logic. With these new tools, tenants gain:
Stronger out-of-the-box protections based on trusted security standards
Real-time visibility into violations and suspicious content behaviors
Actionable data that helps teams respond quickly and refine policies over time
This isn’t just a set of background improvements—this is a toolkit for actively managing and improving web security posture from within the platform itself.