Missing OWASP Secure Headers

We are building a Zoom application that displays videos hosted on Cloudflare streams.

<iframe src="https://iframe.videodelivery.net/5d5bc37ffcf54c9b82e996823bffbb81?muted=true"></iframe>

I have added the relevant domains to the “Domain allow list”. Unfortunately, Cloudflare doesn’t seem to send all of the required OWASP Secure Headers.

How can I display Cloudflare streams in a my Zoom application?

Missing OWASP Secure Headers: ["X-Content-Type-Options","Content-Security-Policy","Referrer-Policy"] for URL https://iframe.videodelivery.net/5d5bc37ffcf54c9b82e996823bffbb81?muted=true

This seems to be the easiest way to add or remove headers before returning a stream: Streaming under custom domain - Stream - Cloudflare Community

Hi @MyUsername , we are not familiar with Cloudflare usage in this context, but thank you for sharing this link. Please update our developer community with your findings :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.