Content Security Policy (CSP) Nonce Without Matching Script Block

Severity: Information

Summary#

Invicti detected that the page does not contain any script blocks with the nonce declared in CSP.

Remediation#

Ensure that all the script blocks has a matching nonce. If this nonce is not necessary then remove it from CSP.

Classifications#

WASC-15, ISO27001-A.14.2.5, OWASP 2017-A6, OWASP 2013-A5, CWE-16