Nonce Usage Detected in Content Security Policy (CSP) Directive

Complimentary 90-day, on-prem license available for entities involved in Covid19 response.

Summary

CSP nonce directives make use of the inline scripts and script blocks possible in a page. However, this feature comes with CSP2 and CSP2 is not supported by all browsers.

Classifications

ISO27001-A.14.2.5, OWASP PC-C9

Further Reading

Content Security Policy (CSP) Explained

Netsparker Security Insights

Using Content Security Policy (CSP) to Secure Web Applications
Remote Hardware Takeover via Vulnerable Admin Software
Negative Impact of Incorrect CSP Implementations
Leverage Browser Security Features to Secure Your Website

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

Tags

CSP

Related Vulnerabilities

Blind SQL Injection
SQL Injection
Local File Inclusion
Misconfigured Access-Control-Allow-Origin Header
Missing X-Frame-Options Header

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO