CSP header not implemented


During the scan, Kayran found that a Content-Security-Policy (CSP) header is not implemented.
A missing or incorrectly configured CSP could expose an application to client-side threats, including Cross-Site Scripting (XSS), Cross Frame Scripting and Cross-Site Request Forgery.

Configuring a Content Security Policy means adding the Content-Security-Policy HTTP header to a given web page and giving it directive values that control which resources the user agent is allowed to load for that page.


CVSS Version 3.x – 4.3 Medium


Make sure all security headers are set correctly, in order to prevent this vulnerability.

Define your CSP as a list of directives and source values that state which resources your site will allow or restrict. Test the policy to make sure it works properly (for example, in Content-Security-Policy-Report-Only mode), then deploy it.
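The check below is an added example, not Kayran's scanner code, showing how a response's CSP can be tested for the finding above and for the most common weak settings once a header is present. It parses the header value into directives, reports a missing header, a missing `default-src` fallback, wildcard or `'unsafe-inline'`/`'unsafe-eval'` sources, and a missing `frame-ancestors` directive. The sample response headers (`MISSING_HEADERS`, `WEAK_HEADERS`, `HARDENED_HEADERS`) are constructed for the example.

```python
"""Check HTTP response headers for a missing or weak Content-Security-Policy.

Added example (not Kayran's own code). The header sets below are constructed.
"""
from typing import Dict, List, Optional

CSP_HEADER = "content-security-policy"

# Constructed sample responses: no CSP at all, a permissive CSP, and a strict one.
MISSING_HEADERS = {"Content-Type": "text/html; charset=utf-8"}
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src * 'unsafe-inline'; script-src 'self' 'unsafe-eval'",
}
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": (
        "default-src 'self'; script-src 'self'; object-src 'none'; "
        "frame-ancestors 'none'; base-uri 'self'"
    ),
}


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP value into {directive-name: [source expressions]}.

    Directives are ';'-separated; within a directive, tokens are whitespace-separated.
    """
    directives: Dict[str, List[str]] = {}
    for part in policy.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, *values = tokens
        directives[name.lower()] = values
    return directives


def csp_findings(headers: Dict[str, str]) -> List[str]:
    """Return a list of human-readable findings; an empty list means no issue found."""
    policy = get_header(headers, CSP_HEADER)
    if policy is None:
        return ["CSP header not implemented"]

    directives = parse_csp(policy)
    findings: List[str] = []

    if "default-src" not in directives:
        findings.append("default-src missing: unlisted fetch directives allow any source")

    for name in ("default-src", "script-src"):
        sources = directives.get(name, [])
        # CSP3 browsers ignore 'unsafe-inline' when a nonce or hash source is present,
        # so only flag it when no such source accompanies it.
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
        )
        for src in sources:
            if src == "*":
                findings.append(f"{name} allows any origin ('*')")
            elif src == "'unsafe-inline'" and not has_nonce_or_hash:
                findings.append(f"{name} permits 'unsafe-inline', which weakens XSS protection")
            elif src == "'unsafe-eval'":
                findings.append(f"{name} permits 'unsafe-eval', which weakens XSS protection")

    # frame-ancestors governs who may embed the page (cross-frame scripting / clickjacking).
    if "frame-ancestors" not in directives:
        findings.append("frame-ancestors missing: page may be framed by any origin")

    return findings


if __name__ == "__main__":
    for label, hdrs in (("missing", MISSING_HEADERS), ("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, "->", csp_findings(hdrs) or ["no findings"])
```

To use this against a live site, replace the constructed dictionaries with the headers from an actual response (for instance `dict(requests.get(url).headers)`). The hardened policy shown is a conservative starting point; sites that load scripts or styles from other origins will need to list those origins explicitly rather than fall back to `*`.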



