Skip to content

Content-Security-Policy analysis

Description

A missing or invalid Content-Security-Policy (CSP) was identified on the target site. CSP can aid in hardening a website against various client side attacks such as Cross-Site Scripting (XSS).

Remediation

If the target site is missing a CSP, investigate the relevant URLs for enabling CSP. Otherwise, follow the recommendations to determine if any actions are necessary.

Details

ID Aggregated CWE Type Risk
16.8 true 16 Passive Info

Links