Content-Security-Policy-Report-Only analysis
Description
A Content-Security-Policy-Report-Only (CSPRO) was identified on the target site. CSP-Report-Only headers
aid in determining how to implement a Content-Security-Policy that does not disrupt normal use of the target
site.
Remediation
Follow the recommendations to determine if any actions are necessary to harden this Content-Security-Policy-Report-Only.
After all alerts have been resolved, we recommend that this header be changed to Content-Security-Policy.
Details
| ID | Aggregated | CWE | Type | Risk |
|---|---|---|---|---|
| 16.9 | true | 16 | Passive | Info |