ContextQMD
Back to Gitlabhq

Content-Security-Policy-Report-Only analysis

doc/user/application_security/dast/browser/checks/16.9.md

18.11.2947 B
Original Source

Description

A Content-Security-Policy-Report-Only (CSPRO) was identified on the target site. CSP-Report-Only headers aid in determining how to implement a Content-Security-Policy that does not disrupt normal use of the target site.

Remediation

Follow the recommendations to determine if any actions are necessary to harden this Content-Security-Policy-Report-Only. After all alerts have been resolved, change this header to Content-Security-Policy.

Details

IDAggregatedCWETypeRisk
16.9true16PassiveInfo