Report Only Content Security Policy Detected

info Web App Scanning Plugin ID 112555

Synopsis

Report Only Content Security Policy Detected

Description

Content Security Policy (CSP) is a web security standard that helps mitigate attacks such as cross-site scripting (XSS), clickjacking and mixed-content issues. CSP gives websites a mechanism to restrict which content browsers will be allowed to load.

CSP has been detected, but it is configured in report-only mode: the browser reports violations of the policy without blocking the offending content.

Solution

Ensure that Content Security Policy is configured in enforcing mode on your website by adding the 'Content-Security-Policy' HTTP header or the meta tag http-equiv='Content-Security-Policy', and by removing the 'Content-Security-Policy-Report-Only' HTTP header or the meta tag http-equiv='Content-Security-Policy-Report-Only' if it is not needed.
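As an added illustration (not code from the Tenable plugin or this page), the following Python shows how the condition behind this finding can be checked from a captured HTTP response and how the remediation described in the Solution would be applied. Header names and the sample response are constructed; the meta-tag regex assumes http-equiv precedes content and that content is double-quoted.

```python
import re
from typing import Dict

# Header / meta names the finding refers to, compared case-insensitively.
ENFORCING = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"

# <meta http-equiv="Content-Security-Policy[-Report-Only]" content="...">
# Assumes http-equiv precedes content and content is double-quoted
# (policies usually contain single quotes, e.g. 'self').
META_CSP_RE = re.compile(
    r'<meta\b[^>]*?http-equiv\s*=\s*["\']?(content-security-policy(?:-report-only)?)'
    r'["\']?[^>]*?content\s*=\s*"([^"]*)"',
    re.IGNORECASE,
)

# Constructed sample response headers (not taken from the plugin page).
REPORT_ONLY_RESPONSE = {
    "Content-Type": "text/html",
    "content-security-policy-report-only": "default-src 'self'; report-uri /csp",
}

def collect_policies(headers: Dict[str, str], body: str = "") -> Dict[str, str]:
    """Return {lowercase name: policy} for non-empty CSP headers and meta tags."""
    found = {k.lower(): v.strip() for k, v in headers.items()
             if k.lower() in (ENFORCING, REPORT_ONLY) and v.strip()}
    for name, policy in META_CSP_RE.findall(body):
        found.setdefault(name.lower(), policy.strip())
    return found

def csp_mode(headers: Dict[str, str], body: str = "") -> str:
    """'enforcing', 'report-only' (the condition plugin 112555 reports) or 'none'."""
    found = collect_policies(headers, body)
    if ENFORCING in found:
        return "enforcing"  # a report-only policy may coexist; enforcement exists
    if REPORT_ONLY in found:
        return "report-only"
    return "none"

def promoted_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Remediation from the Solution: drop the report-only header and, if no
    enforcing header exists yet, re-issue the same policy as
    Content-Security-Policy. Do this only once the violation reports are clean."""
    fixed = {k: v for k, v in headers.items() if k.lower() != REPORT_ONLY}
    if ENFORCING not in {k.lower() for k in fixed}:
        ro = next((v for k, v in headers.items() if k.lower() == REPORT_ONLY), "")
        if ro.strip():
            fixed["Content-Security-Policy"] = ro
    return fixed
```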

See Also

https://content-security-policy.com/

https://csp-evaluator.withgoogle.com/

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

https://developers.google.com/web/fundamentals/security/csp/

Plugin Details

Severity: Info

ID: 112555

Type: remote

Published: 3/7/2019

Updated: 3/25/2024

Scan Template: basic, config_audit, full, overview, pci, quick, scan