Description

Acunetix evaluated the scan target's Content Security Policies, checked for misconfigurations and potentially unintended side-effects of otherwise valid configurations, and offers the following suggestions on how to change existing policies for improved security and maximum compatibility.

Remediation

See alert details for available remediation advice.

References

Using Content Security Policy (CSP) to Secure Web Applications

The dangers of incorrect CSP implementations

Leverage Browser Security Features to Secure Your Website

Related Vulnerabilities

Java Management Extensions (JMX/RMI) service detected

ASP.NET header checking is disabled in web.config

Incorrect Content Security Policy (CSP) Implementation

Content Security Policy (CSP) report-uri Uses HTTP

Case-Insensitive Routing Bypass in Express.js Application

Severity

Info

Classification

CWE-16

Tags

Configuration