Content-Security-Policy analysis

Description

A missing or invalid Content-Security-Policy (CSP) was identified on the target site. CSP can aid in hardening a website against various client side attacks such as Cross-Site Scripting (XSS).

Remediation

If the target site is missing a CSP, please investigate the relevant URLs for enabling CSP. Otherwise, follow the recommendations to determine if any actions are necessary.

Details

ID Aggregated CWE Type Risk
16.8 true 16 Passive Info

Links