missing-csp
missing-csp
Content-Security-Policy is an HTTP header that helps mitigate a number of attacks, including Cross-Site Scripting. Missing Content-Security-Policy is flagged by this rule when a pipeline implements the
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-693: Protection Mechanism Failure
OWASP:
- A05:2021 - Security Misconfiguration
:put_secure_browser_headers plug, but does not provide a Content-Security-Policy header in the custom headers map.Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-693: Protection Mechanism Failure
OWASP:
- A05:2021 - Security Misconfiguration