| Vulnerability Name | Classifications | Severity |
| --- | --- | --- |
| Content Security Policy (CSP) Not Implemented | CWE-16, ISO27001-A.14.2.5, WASC-15 | Best Practice |
| An Unsafe Content Security Policy (CSP) Directive in Use | CWE-16, ISO27001-A.14.2.5, WASC-15 | Information |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3 | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Content Security Policy (CSP) Nonce Without Matching Script Block | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Content Security Policy (CSP) report-uri Uses HTTP | ISO27001-A.14.2.5, OWASP 2013-A6, OWASP 2017-A3 | Information |
| data: Used in a Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| default-src Used in Content Security Policy (CSP) | ISO27001-A.14.2.5, OWASP PC-C9 | Information |
| Deprecated Header Instruction Used to Implement Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP PC-C9 | Information |
| Incorrect Content Security Policy (CSP) Implementation | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Invalid Content Security Policy (CSP) Directive Identified in meta Elements | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Missing object-src in CSP Declaration | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP PC-C9 | Information |
| Multiple Content Security Policy (CSP) Implementation Detected | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP PC-C9 | Information |
| No Script Block Detected with the Hash Value Declared in Content Security Policy (CSP) | ISO27001-A.14.2.5, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Nonce Usage Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5, OWASP PC-C9 | Information |
| Scheme URI Detected in Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Static Nonce Identified in Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Unsupported Hash Detected in Content Security Policy (CSP) | CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Weak Nonce Detected in Content Security Policy (CSP) Declaration | CWE-330, ISO27001-A.14.2.5, WASC-16, OWASP 2013-A5, OWASP 2017-A6 | Information |
| Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
| Wildcard Detected in Scheme Portion of Content Security Policy (CSP) Directive | ISO27001-A.14.2.5 | Information |
Netsparker