CSP header not implemented

Description

An incorrectly configured Content Security Policy could expose an application to client-side threats, including Cross-Site Scripting, Cross Frame Scripting, and Cross-Site Request Forgery.

Business Impact

Configuring Content Security Policy (CSP) involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control what resources the user agent is allowed to load for that page.

Recommendation

Make sure all headers are set up correctly.
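
One way to check this on your own responses, as an added example that is not part of the original page or of any scanner's code: the function below reports a missing, report-only, or weak Content-Security-Policy. The function names, the finding strings and the sample headers are assumptions made for illustration.

```python
# Added example: findings for a missing or weak Content-Security-Policy.
# The checks are an illustrative subset, not a complete policy review.

def parse_csp(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored by browsers; the first one wins.
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy

def audit_csp(headers):
    """Return a list of findings for a dict of HTTP response headers."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    value = hdrs.get("content-security-policy")
    if value is None:
        if "content-security-policy-report-only" in hdrs:
            return ["CSP is report-only: violations are reported, not blocked"]
        return ["CSP header not implemented"]
    policy = parse_csp(value)
    findings = []
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        findings.append("no script-src or default-src: scripts are unrestricted")
    else:
        # Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
        strict = any(s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
                     for s in sources)
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if weak in sources and not (strict and weak == "'unsafe-inline'"):
                findings.append(f"script sources allow {weak}")
    # frame-ancestors never falls back to default-src.
    if "frame-ancestors" not in policy:
        findings.append("no frame-ancestors: CSP does not restrict framing")
    return findings

# Constructed sample responses (not taken from a real site).
SAMPLES = {
    "missing": {"Content-Type": "text/html"},
    "weak": {"Content-Security-Policy": "default-src *; script-src 'self' 'unsafe-inline'"},
    "strict": {"content-security-policy": "default-src 'self'; frame-ancestors 'none'"},
}

if __name__ == "__main__":
    for name, headers in SAMPLES.items():
        print(name, audit_csp(headers))
```

An empty list means none of these checks fired; it does not prove the policy is sufficient for the application.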

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
