After reviewing security recommendations, Im trying to add some security headers to my site. Two headers in particualr are causing problems:
I can set them to work on the fron end of the site but they break the CMS. How do I set these so they dont get used in the CMS?
Have you followed this guide https://world.optimizely.com/documentation/developer-guides/CMS/security/content-security-policy/? You might also have to tweak your policy depending on if the URL is your frontend or the CMS.