Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
Severity: Information
Summary
Netsparker detected that the nonce value declared in CSP is not within single quotes.
Impact
When nonce value is not used within single quotes, it will be considered as a part of the resource URL. This will cause relevant script block to not run.
Remediation
Use nonce values within single quotes, i.e.
Content-Security-Policy: script-src 'nonce-EDNnf03nceIOfn39fn3e9h3sdfa';
Classifications
OWASP 2013-A5
Further Reading
Vulnerability Index
You can search and find all vulnerabilities
Select Category
OR
Search Vulnerability
