CSP: Header & Meta

  • Risk: Informational
  • Type: Passive

Summary
The message specified a CSP both via the header and via a meta tag. It was not possible to union these policies in order to perform an analysis, so they have been evaluated individually.
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
References

https://www.w3.org/TR/CSP/

https://caniuse.com/#search=content+security+policy

https://content-security-policy.com/

https://github.com/HtmlUnit/htmlunit-csp

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
