Description

Acunetix evaluated the scan target's Content Security Policies, checked for misconfigurations and potentially unintended side-effects of otherwise valid configurations, and offers the following suggestions on how to change existing policies for improved security and maximum compatibility.

Remediation

See alert details for available remediation advice.

References

Using Content Security Policy (CSP) to Secure Web Applications

The dangers of incorrect CSP implementations

Leverage Browser Security Features to Secure Your Website

Related Vulnerabilities

CRIME SSL/TLS attack

Tornado weak secret key

CodeIgniter session decoding vulnerability

Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability

Pentaho API Auth bypass (CVE-2021-31602)

Severity

Info

Classification

CWE-16

Tags

Configuration