We need a complete reference for low-level settings supported in xsp.properties (e.g. xsp.csrf.protection, xsp.sessionid.cookie.samesite, etc.).
Historically I were looking into the xsp.properties.sample file in the data directory, but it’s not been updated for a couple of versions. Since then, HCL added bunch of new features and most unknown to developers.