Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive

Severity:

Information

Summary

Content-Security-Policy-Report-Only cannot be declared without report-uri directive, because of that it will send the violations to the defined URL.

Content-Security-Policy-Report-Only: script-src 'self'; report-uri https://www.example.com;

Impact

Remediation

Required Skills for Successful Exploitation

Actions To Take

If you want to use one of the CSP in report only mode, you should declare with a report-uri

Classifications

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

Spring Boot Actuator Endpoint Detected

Bluebird Identified

Source Code Disclosure (PHP)

Lodash Identified

Directory Listing (ASP.NET Server)

Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive

Vulnerability Index

Select Category

Select Vulnerability

Featured resources

Build your resistance to threats. And save hundreds of hours each month.