Content Security Policy (CSP) Nonce Without Matching Script Block Severity: Information Summary# Invicti detected that the page does not contain any script blocks with the nonce declared in CSP. Remediation# Ensure that all the script blocks has a matching nonce. If this nonce is not necessary then remove it from CSP. Classifications# ISO27001-A.14.2.5, OWASP 2017-A6, OWASP 2013-A5, CWE-16, WASC-15 Further Reading# Content Security Policy (CSP) Explained Invicti Security Insights Using Content Security Policy (CSP) to secure web applications Remote Hardware Takeover via Vulnerable Admin Software The dangers of incorrect CSP implementations Leverage Browser Security Features to Secure Your Website Vulnerability Index You can search and find all vulnerabilities Select Category Critical High Medium Low Best Practice Information OR Search Vulnerability Tags OWASP 2013-A5 OWASP 2017-A6 CSP Related Vulnerabilities Blind Cross-site Scripting Cross-site Scripting (DOM based) Cross-site Scripting via Remote File Inclusion Insecure Transportation Security Protocol Supported (SSLv2) Missing Content-Type Header