Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Content Security Policy (CSP) Contains Out of Scope report-uri Domain

Severity: Information
Summary#

Invicti detected that your CSP declaration contains report-uri value that points to an out of scope external domain. This domain will be aware of the CSP violation occurs on your website and some sensitive data will be disclosed to this site.

Remediation#

If you trust this domain you can ignore this issue. However if you do not trust this external domain, remove it from report-uri directive.

Classifications#
, ,
Further Reading#
Invicti Security Insights

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A6 OWASP 2017-A3 CSP

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works