| Vulnerability | Classification | Severity |
| --- | --- | --- |
| Content Security Policy (CSP) Not Implemented | CWE-16, ISO27001-A.14.2.5, WASC-15 | Best Practice |
| An Unsafe Content Security Policy (CSP) Directive in Use | CWE-16, ISO27001-A.14.2.5, WASC-15 | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3 | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3 | Information |
| data: Used in a Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| default-src Used in Content Security Policy (CSP) | ISO27001-A.14.2.5, OWASP PC-C9 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP PC-C9 | Information |
| Incorrect Content Security Policy (CSP) Implementation | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Insecure Protocol Detected in Content Security Policy (CSP) | CWE-319, ISO27001-A.14.2.5 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP PC-C9 | Information |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5, OWASP PC-C9 | Information |
| Scheme URI Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Static Nonce Identified in Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Unsupported Hash Detected in Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | CWE-330, ISO27001-A.14.2.5, WASC-16, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |