Content Security Policy (CSP) report-uri Uses HTTP

Severity:

Information

Summary

CSP report-uri declaration is used to report CSP violations. Invicti detected that the report-uri uses an HTTP URL to report these violations.

Impact

Violation might include private data which will be exposed through clear text (HTTP) channels. Clear text communication is susceptible to MITM (Man-in-the-middle) attacks.

Remediation

Use HTTPS in report-uri declaration.

Required Skills for Successful Exploitation

Actions To Take

Classifications

ISO27001-A.14.2.5

OWASP 2013-A6

OWASP 2017-A3

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Taleo Web Server Identified

Sensitive Data Exposure - Jenkins Secret

Oracle HTTP Server Identified

ListJs Identified

Blind SQL Injection

Content Security Policy (CSP) report-uri Uses HTTP

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.