During the scan, Kayran managed to find that a CSP header is not implemented.
Incorrectly configured CSP (Content Security Policy) could expose an application to client-side threats including Cross-Site Scripting (XSS), Cross Frame Scripting, and Cross-Site Request Forgery and so on.
Configuring Content Security Policy (CSP header) involves the CSP HTTP header to a certain Web page. It also involves giving values to control what resources the user agent is allowed to load for that page.
CVSS Version 3.x – 4.3 Medium
Make sure all headers are being set up correctly and accordingly, in order to prevent this vulnerability.
Define your CSP by using a list of policies and values that states which resources your site will allow or restrict. Test your CSP to make sure it works properly. Then, implement the CSP you’ve created.