How to add trustedtype policy for the Adobe launch scripts injected to the AEM pages? | Community
Skip to main content
Level 2
July 14, 2026
Question

How to add trustedtype policy for the Adobe launch scripts injected to the AEM pages?

  • July 14, 2026
  • 0 replies
  • 3 views

Hi all,

Recently we got a security requirement to add the “require-trusted-types “ directive in the csp with value “script’ to lock down DOM XSS injection sinks. 

However when I add this to the CSP header, it’s blocking couple of lines in the launch scripts. Now I understand that I have to add the trustedPolicy and create a trusted policy in the JS and add that policy-name in the “trusted-types” directive.
But how do I add that in the launch scripts? Because from AEM, we are only adding script url, the scripts are not written in the aem code base. 
Looking for any inputs to implement this.

Thanks,
Dayana