Summary

Acunetix 360 detected that multiple CSP declaration types were implemented in the page for backward compatibility.

Impact

Using multiple CSP implementations together might cause CSP directives to not work as intended.

Remediation

Remove these deprecated implementations:

  • X-Content-Security-Policy
  • X-Webkit-CSP
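
A check for the deprecated declarations listed above, as an added example (not part of the Acunetix 360 output). The function names and the sample response are constructed for illustration, and only response headers are inspected, not meta tags. It also reports deprecated headers whose policy differs from the standard Content-Security-Policy header, which is one way parallel declarations drift apart.

```python
# Added example: audit a response header block for deprecated CSP declarations.
DEPRECATED_CSP = ("x-content-security-policy", "x-webkit-csp")
STANDARD_CSP = "content-security-policy"


def parse_headers(raw):
    """Parse a raw HTTP response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def normalize(policy):
    """Turn a policy into a set of (directive, sources) so order and spacing are ignored."""
    directives = set()
    for chunk in policy.split(";"):
        parts = chunk.split()
        if parts:
            # Directive names are case-insensitive; source values are kept as written.
            directives.add((parts[0].lower(), tuple(parts[1:])))
    return frozenset(directives)


def audit_csp(raw):
    """Report which deprecated CSP headers to remove and which differ from the standard one."""
    headers = parse_headers(raw)
    standard = {normalize(v) for n, v in headers if n == STANDARD_CSP}
    deprecated = [(n, v) for n, v in headers if n in DEPRECATED_CSP]
    return {
        "standard_present": bool(standard),
        "remove": sorted({n for n, _ in deprecated}),
        "diverging": sorted({n for n, v in deprecated
                             if standard and normalize(v) not in standard}),
    }


# Constructed sample response head (not captured from a real site).
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Security-Policy: default-src 'self'; script-src 'self'
X-Content-Security-Policy: default-src 'self'
X-WebKit-CSP: script-src 'self';  default-src 'self'
"""
```
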

Severity

Information

Classification

CWE-16, ISO27001-A.14.2.5, WASC-15