It would be good to have a security section for ideas like this.
There is already a clear approach for using content-security-policy headers here, but as it's a code change, it would take code releases to modify.
https://docs.spryker.com/docs/scos/dev/guidelines/security-guidelines.html#clickjacking
It's likely that content teams or sales will add JavaScript integrations via the CMS, and these could require changes to the CSP or, worse, they might not have an idea why things do not work.
This idea is for a page in Zed to manage the CSP headers. This would improve the visibility of these settings and allow instant changes by non-developers. The downside is you might not want all Zed users to have access to this page, but that could be managed via the Zed ACL controls.