Summary

CSP report-uri declaration is used to report CSP violations. Netsparker detected that the report-uri uses an HTTP URL to report these violations.

Impact

Violation might include private data which will be exposed through clear text (HTTP) channels. Clear text communication is susceptible to MITM (Man-in-the-middle) attacks.

Remediation

Use HTTPS in report-uri declaration.

Classifications
OWASP 2013-A6
Vulnerability Index

Vulnerability Index

You can search and find all vulnerabilities

Select Category

OR

Search Vulnerability

;
Netsparker

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO