Invalid Content Security Policy (CSP) Directive Identified in meta Elements

CWE-16

,

ISO27001-A.14.2.5

,

WASC-15

,

OWASP 2013-A5

,

OWASP 2017-A6

,

Invalid Content Security Policy (CSP) Directive Identified in meta Elements

Severity:

Information

Summary

The following CSP directives cannot be used in meta elements and can only be set via headers:

frame-ancestors
sandbox
report-uri

Impact

Remediation

Move these CSP directives to headers.

Required Skills for Successful Exploitation

Actions To Take

Classifications

,

ISO27001-A.14.2.5

,

,

,

,

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Select Vulnerability

Related Vulnerabilities

BootstrapSelect Identified

Cookie Values Used in Anti-CSRF Token

BootstrapToggle Identified

Out of Band Code Evaluation (Perl)

Version Disclosure (BootstrapSelect)

Featured resources

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

Strengthening enterprise application security: Invicti acquires Kondukto

Read this article

Modern AppSec KPIs: Moving from scan counts to real risk reduction

Read this article

Friends don’t let friends shift left: Shift smarter with DAST-first AppSec

Read this article

Vibe talking: Dan Murphy on the promises, pitfalls, and insecurities of vibe coding

Read this article

View all resources

Build your resistance to threats. And save hundreds of hours each month.