Zoom app new window due to OWASP headers in third party source

Hello ,

I’m facing OWASP headers issue when trying to redirect the user to third party source within a zoom app. (only in mac zoom client , in windows it works fine)

I guess these headers aren’t controlled by my site because it’s a third party vendor .

My site however returns the headers as follows :

			<add name="Strict-Transport-Security" value="max-age=31536000" />
			<add name="X-Content-Type-Options" value="nosniff" />
			<add name="Referrer-Policy" value="strict-origin" />
			<add name="Content-Security-Policy" value="frame-ancestors 'self'  https://zoom.us https://teams.microsoft.com/ https://auth.monday.com *.monday.com/;" />

And the error I get is :

Missing OWASP Secure Headers: [“X-Content-Type-Options”,“Content-Security-Policy”] for URL monday.com: Where Teams Get Work Done

when trying to move to this URL from within the zoom app.

I was advised to redirect the user to this link in a new window, However it seems like the Zoom app prevents me from doing so.

Any suggested solution will be welcomed , Thank you.