
Content security policy: not enforced

Description: Content security policy: not enforced

Content Security Policy (CSP) is a security mechanism designed to mitigate cross-site scripting attacks by disabling dangerous behaviours such as untrusted JavaScript execution. Websites can specify their security policy in a response header or meta tag, enabling fine-grained control over dangerous features like scripts and stylesheets.

Remediation: Content security policy: not enforced

We recommend transitioning from using the Content-Security-Policy-Report-Only header to the Content-Security-Policy header for CSP deployment, ensuring effective policy enforcement.
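The check below is an added example, not PortSwigger's scanner logic or any code from this page. It classifies a response the way this issue is reported: a policy that arrives only in the Content-Security-Policy-Report-Only header is "report-only" (no enforcement), a policy in the Content-Security-Policy header or in a meta tag is "enforced", and neither is "missing". It also shows the remediation step as a transformation of the header set: the Report-Only header is renamed to the enforcing header with its directives kept intact. The responses and header values are constructed for the example; the meta tag rule relies on the fact that only the enforcing form of CSP can be delivered via meta.

```python
"""Classify CSP deployment state from HTTP response headers and body.

Added example (not the page's own code). All sample headers and bodies
below are constructed for illustration.
"""
import re
from typing import Dict, List, Tuple

Header = Tuple[str, str]

ENFORCED_HEADER = "content-security-policy"
REPORT_ONLY_HEADER = "content-security-policy-report-only"

# A <meta> element counts as an enforced policy only if it names CSP in
# http-equiv and carries a non-empty content attribute. Attribute order
# varies, so each attribute is matched separately within the tag.
META_TAG_RE = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
HTTP_EQUIV_CSP_RE = re.compile(
    r'http-equiv\s*=\s*["\']?content-security-policy["\']?', re.IGNORECASE
)
CONTENT_ATTR_RE = re.compile(r'content\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def has_csp_meta(body: str) -> bool:
    """True if the HTML body carries a usable CSP meta tag."""
    for match in META_TAG_RE.finditer(body):
        tag = match.group(0)
        if HTTP_EQUIV_CSP_RE.search(tag) and CONTENT_ATTR_RE.search(tag):
            return True
    return False


def classify_csp(headers: List[Header], body: str = "") -> str:
    """Return 'enforced', 'report-only' or 'missing'.

    Header names are compared case-insensitively; headers with an empty
    value are ignored since they carry no policy.
    """
    present = {name.strip().lower() for name, value in headers if value.strip()}
    if ENFORCED_HEADER in present or has_csp_meta(body):
        return "enforced"
    if REPORT_ONLY_HEADER in present:
        return "report-only"
    return "missing"


def promote_to_enforced(headers: List[Header]) -> List[Header]:
    """Remediation: deliver the same directives in the enforcing header.

    The directive list is left unchanged (including any report-uri or
    report-to directive, so violation reports continue to arrive); only
    the header name changes. Other headers are preserved in order.
    """
    promoted: List[Header] = []
    for name, value in headers:
        if name.strip().lower() == REPORT_ONLY_HEADER:
            promoted.append(("Content-Security-Policy", value))
        else:
            promoted.append((name, value))
    return promoted


def scan(responses: Dict[str, Tuple[List[Header], str]]) -> Dict[str, str]:
    """Classify several responses keyed by URL; returns url -> state."""
    return {url: classify_csp(hdrs, body) for url, (hdrs, body) in responses.items()}


# Constructed sample responses (not real sites).
SAMPLE_RESPONSES: Dict[str, Tuple[List[Header], str]] = {
    "https://app.example/report-only": (
        [("Content-Security-Policy-Report-Only", "default-src 'self'; report-uri /csp"),
         ("X-Frame-Options", "DENY")],
        "<html><head></head></html>",
    ),
    "https://app.example/enforced": (
        [("content-security-policy", "default-src 'self'")],
        "<html></html>",
    ),
    "https://app.example/meta-only": (
        [],
        '<html><head><meta http-equiv="Content-Security-Policy" '
        'content="default-src \'self\'"></head></html>',
    ),
    "https://app.example/none": ([("Content-Type", "text/html")], "<html></html>"),
}

if __name__ == "__main__":
    for url, state in scan(SAMPLE_RESPONSES).items():
        print(f"{state:12} {url}")
    fixed = promote_to_enforced(SAMPLE_RESPONSES["https://app.example/report-only"][0])
    print("after remediation:", fixed)
```

Only the "report-only" state corresponds to this issue; a "missing" result is a different finding. When applying the remediation, the example keeps the reporting directives so that the violation feed used during the Report-Only phase keeps working once the policy is enforced.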


Vulnerability classifications

    Typical severity: Information

    Type index (hex): 0x00200509

    Type index (decimal): 2098441
