Asked by: Neetesshhr  Asked: 11/17/2023  Updated: 11/17/2023  Views: 18
Jenkins not returning content security policy header in response
Q:
For security purposes I want to implement a CSP (Content Security Policy) header on my Jenkins URL https://jenkins.example.com. This is the script I use to change the CSP:
#!/bin/bash
# Define the Content Security Policy
CSP="sandbox allow-scripts; default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline';"
# Add the CSP to the JAVA_OPTS. The quotes around the property value are written
# escaped (\") so that systemd keeps them inside the single Environment= assignment
# generated below (assumption: the Jenkins launcher honours shell-style quoting in JAVA_OPTS)
JAVA_OPTS="-Djava.awt.headless=true -Dhudson.model.DirectoryBrowserSupport.CSP=\\\"$CSP\\\""
# Create a backup of the original jenkins.service file
sudo cp /usr/lib/systemd/system/jenkins.service /usr/lib/systemd/system/jenkins.service.bak
# Use 'systemctl edit' to create an override file for Jenkins service
# This is the recommended way to modify service files in systemd
# (printf instead of echo -e, so the escaped quotes are written to the file verbatim)
printf '[Service]\nEnvironment="JAVA_OPTS=%s"\n' "$JAVA_OPTS" | sudo SYSTEMD_EDITOR=tee systemctl edit jenkins
# Reload the systemd manager configuration
sudo systemctl daemon-reload
# Restart Jenkins to apply the changes
sudo systemctl restart jenkins
But the response headers look like this (curl -I -L https://jenkins.example.com):
HTTP/2 200
date: Thu, 16 Nov 2023 17:19:48 GMT
content-type: text/html;charset=utf-8
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache,no-store,must-revalidate
x-hudson-theme: default
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
set-cookie: JSESSIONID.xxxxxxxxxx=node08f7xxxxxxxxxxxxxxxx.node0; Path=/; Secure; HttpOnly
x-hudson: 1.395
x-jenkins: 2.426.1
x-jenkins-session: xxxxxxx
x-frame-options: sameorigin
x-instance-identity: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
server: Jetty(10.0.17)
Should it return a Content-Security-Policy header, or does Jenkins not return one by default? How can I make it return the CSP header?
A: No answers yet
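As an added example (not code from the question or from Jenkins), a bash checker that shows where the header is expected: hudson.model.DirectoryBrowserSupport.CSP only governs files Jenkins serves through DirectoryBrowserSupport (workspace and archived-artifact browsing), so the main UI at / does not carry a CSP header from that setting while a path under /job/<name>/ws/ does. The embedded header sample is a trimmed copy of the question's curl output; JENKINS_URL, JOB, CURL_OPTS and the function names are assumed.

```shell
#!/usr/bin/env bash
# Added example: report which Jenkins endpoints return a Content-Security-Policy
# header. -Dhudson.model.DirectoryBrowserSupport.CSP only governs files served by
# DirectoryBrowserSupport (workspace, archived artifacts); the main UI is not
# covered by it, so "/" is expected to show NONE while "/job/<name>/ws/" is
# expected to show the configured policy.

# Header dump for "/" as posted in the question (constructed sample, trimmed).
SAMPLE_MAIN_UI='HTTP/2 200
content-type: text/html;charset=utf-8
x-content-type-options: nosniff
x-frame-options: sameorigin
x-jenkins: 2.426.1'

# Exit 0 if the header text on stdin has a Content-Security-Policy header
# (header names are case-insensitive; HTTP/2 dumps them in lowercase).
has_csp_header() {
    grep -qiE '^content-security-policy:'
}

# Print the first CSP value found in the header text on stdin, or "<none>".
csp_value() {
    local v
    v=$(tr -d '\r' | grep -iE '^content-security-policy:' | head -n1 \
        | cut -d: -f2- | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
    printf '%s\n' "${v:-<none>}"
}

# Fetch headers (-s silent, -I HEAD, -L follow redirects) and report one line.
# CURL_OPTS (assumed name) may carry e.g. "-u user:apitoken" for protected paths.
check_url() {
    local url=$1 hdrs
    # shellcheck disable=SC2086
    hdrs=$(curl -sIL ${CURL_OPTS:-} "$url") || { echo "FAIL $url (curl error)"; return 2; }
    if printf '%s\n' "$hdrs" | has_csp_header; then
        echo "CSP  $url -> $(printf '%s\n' "$hdrs" | csp_value)"
    else
        echo "NONE $url"; return 1
    fi
}

# Usage: source this file, then JENKINS_URL=https://jenkins.example.com JOB=myjob run_checks
# (JENKINS_URL and JOB are assumed names; the job must exist and have a workspace).
run_checks() {
    local base=${JENKINS_URL:?set JENKINS_URL} job=${JOB:?set JOB}
    check_url "$base/"              # main UI: expect NONE
    check_url "$base/job/$job/ws/"  # workspace browser: expect the DirectoryBrowserSupport CSP
}
```

Note that a policy of `sandbox allow-scripts` with `default-src 'self'` lets scripts in workspace files run, and those files are written by the builds themselves; the stricter Jenkins default for this property exists to prevent exactly that.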