CSP: Header & Meta

Risk:
Informational

Type:
Passive

CWE:
CWE-693

Summary: The message contained both CSP specified via header and via Meta tag. It was not possible to union these policies in order to perform an analysis. Therefore, they have been evaluated individually.

Solution: Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

References

https://www.w3.org/TR/CSP/

https://caniuse.com/#search=content+security+policy

https://content-security-policy.com/

https://github.com/HtmlUnit/htmlunit-csp

https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources

Free online web security scanner

Don't show website scan report rating on the leaderboard