Details
Scan Rule ID 10055
Alert Type Passive
Status release

Alerts

  • 10055-1 CSP: X-Content-Security-Policy
  • 10055-10 CSP: script-src unsafe-eval
  • 10055-11 CSP: Meta Policy Invalid Directive
  • 10055-12 CSP: Header & Meta
  • 10055-13 CSP: Failure to Define Directive with No Fallback
  • 10055-2 CSP: X-WebKit-CSP
  • 10055-3 CSP: Notices
  • 10055-4 CSP: Wildcard Directive
  • 10055-5 CSP: script-src unsafe-inline
  • 10055-6 CSP: style-src unsafe-inline
  • 10055-7 CSP: script-src unsafe-hashes
  • 10055-8 CSP: style-src unsafe-hashes
  • 10055-9 CSP: Malformed Policy (Non-ASCII)

Code

org/zaproxy/zap/extension/pscanrules/ContentSecurityPolicyScanRule.java