CWE-16

,

ISO27001-A.14.2.5

,

WASC-15

,

Deprecated Header Instruction Used to Implement Content Security Policy (CSP)

Severity:

Information

Summary

Invicti detected that a deprecated header instruction such as X-Content-Security-Policy and X-Webkit-CSP is used to implement CSP.

Impact

This header instruction is deprecated and will not work on most browsers.

Remediation

Use Content-Security-Policy header instruction instead of these deprecated header instructions:

X-Content-Security-Policy
X-Webkit-CSP

Required Skills for Successful Exploitation

Actions To Take

Classifications

,

ISO27001-A.14.2.5

,

,

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Select Vulnerability

Related Vulnerabilities

Server-Side Template Injection (JinJava)

Spring Boot Misconfiguration: Unsafe value for session tracking

Oracle HTTP Server Identified

Laravel Environment Configuration File Detected

RiotJs Identified

Featured resources

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

View all resources

Build your resistance to threats. And save hundreds of hours each month.