ZAP – Content Security Policy Violations Reporting Enabled

Details
Alert ID	100004
Alert Type	Script Passive
Status	alpha
Risk	Informational
CWE	200
WASC	13
Technologies Targeted	All
Tags	CWE-200
More Info	Scan Rule Help

Summary

Solution

Site owner will be notified at each policies violations, so, start by analyzing if a real monitoring of the notifications is in place before to use fuzzing or to be more aggressive.

Other Info

References

https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Using_CSP_violation_reports

Code

passive/detect_csp_notif_and_reportonly.js