Content Security Policy (CSP) Nonce Without Matching Script Block - Vulnerability Database

Content Security Policy (CSP) Nonce Without Matching Script Block

Description

Invicti evaluated the scan target's Content Security Policies, checked for misconfigurations and potentially unintended side-effects of otherwise valid configurations, and offers the following suggestions on how to change existing policies for improved security and maximum compatibility.

Remediation

See alert details for available remediation advice.

References

Using Content Security Policy (CSP) to Secure Web Applications

The dangers of incorrect CSP implementations

Leverage Browser Security Features to Secure Your Website

Related Vulnerabilities

Severity

Information

Classification

CWE-16