ContextQMD
Back to Gitlabhq

Content-Security-Policy analysis

doc/user/application_security/dast/browser/checks/16.8.md

18.11.2875 B
Original Source

Description

A missing or invalid Content-Security-Policy (CSP) was identified on the target site. CSP can aid in hardening a website against various client side attacks such as Cross-Site Scripting (XSS).

Remediation

If the target site is missing a CSP, investigate the relevant URLs for enabling CSP. Otherwise, follow the recommendations to determine if any actions are necessary.

Details

IDAggregatedCWETypeRisk
16.8true16PassiveInfo