Summary

Netsparker detected that the nonce value declared in the Content Security Policy (CSP) is not enclosed in single quotes.

Impact

When the nonce value is not enclosed in single quotes, it is treated as part of the resource URL rather than as a nonce. As a result, the relevant script block will not run.

Remediation

Enclose nonce values in single quotes, for example:

Content-Security-Policy: script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa';
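
A check for this misconfiguration, as an added example that is not part of the original page or of Netsparker's own code: it parses a Content-Security-Policy header value and reports nonce tokens that are not valid quoted nonce sources. The function name and every sample policy other than the one shown above are constructed for illustration.

```python
import re

# A valid nonce source is 'nonce-<base64-value>' with BOTH single quotes present.
VALID_NONCE = re.compile(r"^'nonce-[A-Za-z0-9+/_-]+={0,2}'$", re.IGNORECASE)
# Directives whose source lists can carry a nonce source.
NONCE_DIRECTIVES = {"default-src", "script-src", "script-src-elem",
                    "style-src", "style-src-elem"}


def find_unquoted_nonces(header_value):
    """Return (directive, token) pairs for nonce tokens that are not properly quoted."""
    findings = []
    # One header value may carry several comma-separated policies.
    for policy in header_value.split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if not parts:
                continue  # empty segment, e.g. after a trailing ';'
            name, sources = parts[0].lower(), parts[1:]
            if name not in NONCE_DIRECTIVES:
                continue
            for token in sources:
                # Strip stray quotes so half-quoted and double-quoted forms are caught too.
                looks_like_nonce = token.lower().lstrip("'\"").startswith("nonce-")
                if looks_like_nonce and not VALID_NONCE.match(token):
                    # The browser reads this token as a host/URL source, not a nonce.
                    findings.append((name, token))
    return findings


if __name__ == "__main__":
    # Constructed sample policies; the first uses the nonce from the remediation text.
    samples = [
        "script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa';",
        "script-src nonce-EDNnf03nceIOfn39fn3e9h3sdfa;",
        "default-src 'self'; script-src 'self' 'nonce-abc123; style-src 'nonce-abc123'",
    ]
    for value in samples:
        print(value, "->", find_unquoted_nonces(value) or "OK")
```

A token such as a host name that happens to begin with `nonce-` would also be reported, so findings should be confirmed against the nonce attribute used in the page.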

Classifications

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6