Details | |
---|---|
Alert ID | 10055-12 |
Alert Type | Passive |
Status | release |
Risk | Informational |
CWE | 693 |
WASC | 15 |
Technologies Targeted | All |
Tags | CWE-693 OWASP_2017_A06 OWASP_2021_A05 |
More Info | Scan Rule Help |

Summary
The message contained a CSP specified both via a header and via a meta tag. It was not possible to union these policies in order to perform an analysis, so they have been evaluated individually.
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Other Info
References
- https://www.w3.org/TR/CSP/
- https://caniuse.com/#search=content+security+policy
- https://content-security-policy.com/
- https://github.com/HtmlUnit/htmlunit-csp
- https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources