Content-Security-Policy Header is Missing
Impact: Low
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement to distribution of malware. Mozilla
Recommendation
Configure your server to send this header for all pages. You can see references for possible values.
References
👉 You might also like:
Referrer-Policy Header is Missing - Vulnerability
Strict-Transport-Security Header is Missing - Vulnerability
X-Content-Type-Options Header is Missing - Vulnerability
X-Frame-Options Header is Missing - Vulnerability
Last updated on February 15, 2021