Content Security Policy (CSP) report-uri Uses HTTP
Summary#
CSP report-uri declaration is used to report CSP violations. Invicti detected that the report-uri uses an HTTP URL to report these violations.
Impact#
Violation might include private data which will be exposed through clear text (HTTP) channels. Clear text communication is susceptible to MITM (Man-in-the-middle) attacks.
Remediation#
Use HTTPS in report-uri declaration.
Classifications#
Further Reading#
Invicti Security Insights
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
Tags
Related Vulnerabilities