CWE-16

,

ISO27001-A.14.2.5

,

OWASP 2013-A5

,

OWASP 2017-A6

,

WASC-15

,

Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive

Severity:

Information

Summary

Content-Security-Policy-Report-Only cannot be declared without report-uri directive, because of that it will send the violations to the defined URL.

Content-Security-Policy-Report-Only: script-src 'self'; report-uri https://www.example.com;

Impact

Remediation

Required Skills for Successful Exploitation

Actions To Take

If you want to use one of the CSP in report only mode, you should declare with a report-uri

Classifications

,

ISO27001-A.14.2.5

,

,

,

,

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Select Vulnerability

Related Vulnerabilities

qdPM Detected

JBoss Application Server Identified

Directory Listing (Nginx)

Cross-site Referrer Leakage through usage of unsafe-url in Referrer-Policy

Handlebarsjs Identified

Featured resources

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

View all resources

Build your resistance to threats. And save hundreds of hours each month.