CSP smooth introduction
Full details on the approach: https://docs.google.com/document/d/1hr_Kaf0fVWBACibpHbSYsk4RoqcHD3cBrqXxuTtWKVM (public)
The advantage of this set of headers is that it prevents a large number of XSS threats. The mechanism prevents the execution of unauthorized scripts and styles.
To achieve this migration with as little pain as possible, here are the proposed steps:
1) Move inline scripts / styles to their own files or equivalent
2) Put in place some sort of reporting / monitoring tooling inside Jenkins to know when a rule is broken
3) Once we are sufficiently confident we have covered all the cases, enforce the rules.
Compatibility for plugins
Documentation on jenkins.io about how to find and adjust code
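
Steps 2 and 3 above correspond to the `Content-Security-Policy-Report-Only` and `Content-Security-Policy` response headers. The sketch below is an added example, not Jenkins code or part of the proposal: it builds either header from one policy and tallies browser violation reports so the enforcing header is chosen only once no violations remain. The policy, the `/csp-reports` endpoint, the `jenkins.example` host and the sample reports are constructed assumptions.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Assumed candidate policy and report endpoint (not taken from Jenkins).
POLICY = {"default-src": ["'self'"], "script-src": ["'self'"],
          "style-src": ["'self'"], "report-uri": ["/csp-reports"]}

def csp_header(policy, enforce):
    """Return the (name, value) header pair for monitoring or enforcement."""
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    value = "; ".join(f"{d} {' '.join(srcs)}" for d, srcs in policy.items())
    return name, value

def summarize(report_bodies):
    """Count violation reports by (directive, blocked resource, page path)."""
    counts = Counter()
    for body in report_bodies:
        try:
            report = json.loads(body)["csp-report"]
            words = str(report.get("effective-directive")
                        or report.get("violated-directive") or "unknown").split()
            blocked = str(report.get("blocked-uri") or "unknown")
            page = urlsplit(str(report.get("document-uri") or "")).path or "/"
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # reports are untrusted browser input: skip malformed ones
        counts[(words[0] if words else "unknown", blocked, page)] += 1
    return counts

def header_for(policy, counts):
    """Stay in report-only mode until monitoring shows no violations."""
    return csp_header(policy, enforce=not counts)

# Constructed sample report bodies, as a browser would POST them to report-uri.
SAMPLE_REPORTS = [json.dumps({"csp-report": r}) for r in (
    {"document-uri": "https://jenkins.example/manage/configure",
     "effective-directive": "script-src-elem", "blocked-uri": "inline"},
    {"document-uri": "https://jenkins.example/manage/configure",
     "effective-directive": "script-src-elem", "blocked-uri": "inline"},
    {"document-uri": "https://jenkins.example/job/demo/",
     "violated-directive": "style-src 'self'", "blocked-uri": "inline"},
)] + ["not json"]

if __name__ == "__main__":
    counts = summarize(SAMPLE_REPORTS)
    print(counts.most_common(), header_for(POLICY, counts)[0])
```

An empty tally only supports enforcement if the monitored period actually exercised the relevant pages, which is the "sufficiently confident" condition in step 3.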