How to add custom request headers for CSP


My IS department is asking that I add content-security-policy, strict-transport-security, etc etc type headers, which of course need to be added at the server response level. Thus I’m guessing they should be added at at least the Bokeh type layer, if not the Tornado layer…?? Not sure.

I can see through the Bokeh and Tornado documentation there appears to be underlying methods to add custom request headers. I can’t figure out how to access those from within my python panel app. I would prefer not to run it behind another proxy (it is already running behind AWS ALB which doesn’t seem to support custom headers), and I’d prefer not to have to add AWS CloudFront to my stack (which is another way of hacking it in).

I’ve also gone through the command line switches which is where I expected to see an option, but I don’t see anything that fits the bill.

What would be the best way of doing this?