Obsolete Content Security Policy (CSP) Header Found

Risk:
Informational

Type:
Passive

CWE:
693

Summary: The “X-Content-Security-Policy” and “X-WebKit-CSP” headers are no longer recommended.

Solution: Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.

References

https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy

https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html

https://www.w3.org/TR/CSP/

https://w3c.github.io/webappsec-csp/

https://web.dev/articles/csp

https://caniuse.com/#feat=contentsecuritypolicy

https://content-security-policy.com/