Content Security Policy (CSP) report-uri Uses HTTP

Severity: Information

CSP report-uri declaration is used to report CSP violations. Invicti detected that the report-uri uses an HTTP URL to report these violations.


Violation might include private data which will be exposed through clear text (HTTP) channels. Clear text communication is susceptible to MITM (Man-in-the-middle) attacks.


Use HTTPS in report-uri declaration.

Invicti Logo

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo