Nonce Usage Detected in Content Security Policy (CSP) Directive

Severity: Information

Summary#

CSP nonce directives make use of the inline scripts and script blocks possible in a page. However, this feature comes with CSP2 and CSP2 is not supported by all browsers.

Classifications#

ISO27001-A.14.2.5

Further Reading#

Content Security Policy (CSP) Explained

Invicti Security Insights

Using Content Security Policy (CSP) to Secure Web Applications
Remote Hardware Takeover via Vulnerable Admin Software
The dangers of incorrect CSP implementations
Leverage Browser Security Features to Secure Your Website

Nonce Usage Detected in Content Security Policy (CSP) Directive

Related Articles

Build your resistance to threats. And save hundreds of hours each month.