Multiple Content Security Policy (CSP) Implementation Detected

Severity: Information
Summary#

Invicti detected that multiple CSP declaration types were implemented in the page for backward compatibility.

Impact#

Using multiple CSP implementations together might cause CSP directives to not work as intended.

Remediation#

Remove these deprecated implementations:

  • X-Content-Security-Policy
  • X-Webkit-CSP
Classifications#
Invicti Logo

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo