Content Security Policy Permissive Sources

Web App Scanning Plugin ID 114564

Synopsis

Content Security Policy Permissive Sources

Description

Content Security Policy (CSP) is a web security standard that helps prevent attacks like XSS, clickjacking and mixed content by restricting which resources browsers can load.

Several high-risk sources have been detected in the CSP that could allow bypassing these protections through permissive domains or public CDNs. These permissive sources could be exploited by attackers to inject malicious content despite CSP restrictions.

Solution

Restrict the CSP by limiting sources to strictly necessary domains and avoiding the use of wildcards (*) in domains.
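The following is an added example, not the plugin's detection logic or any code from the page: it parses a CSP header, flags the permissive source kinds described above (wildcard hosts, scheme-only sources that admit any origin, and public CDNs), and contrasts a weak policy with a tightened one. The CDN host list and the two policies are constructed samples.

```python
# Added example (not Tenable's plugin code): flag permissive CSP sources.
from typing import Dict, List

# Constructed, illustrative sample of public CDNs that serve arbitrary
# packages; allow-listing one lets any package on it run as a script.
PUBLIC_CDNS = {"cdnjs.cloudflare.com", "cdn.jsdelivr.net", "unpkg.com"}

# Fetch directives whose source lists this check inspects.
FETCH_DIRECTIVES = {"default-src", "script-src", "style-src", "object-src",
                    "frame-src", "connect-src", "img-src", "font-src"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        parts = chunk.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def permissive_sources(header: str) -> List[str]:
    """Return one finding per source that weakens the policy."""
    findings = []
    for directive, sources in parse_csp(header).items():
        if directive not in FETCH_DIRECTIVES:
            continue
        for src in sources:
            # Strip scheme and path to get the host part of a host-source.
            host = src.split("://", 1)[-1].split("/", 1)[0].lower()
            if src == "*" or host.startswith("*."):
                findings.append(f"{directive}: wildcard host {src}")
            elif src.endswith(":"):  # scheme-only source such as https: or data:
                findings.append(f"{directive}: scheme-only source {src} allows any origin")
            elif host in PUBLIC_CDNS:
                findings.append(f"{directive}: public CDN {src} serves arbitrary packages")
    return findings


# Constructed sample policies: the weak one and its tightened replacement.
WEAK = ("default-src 'self'; script-src 'self' * https://cdn.jsdelivr.net; "
        "img-src https:; style-src 'self' *.example-cdn.net")
FIXED = ("default-src 'self'; script-src 'self' https://static.example.com; "
         "img-src 'self' https://images.example.com; style-src 'self'")

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("fixed", FIXED)):
        print(name, permissive_sources(policy) or ["no permissive sources"])
```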

See Also

https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html

Plugin Details

Severity: Info

ID: 114564

Type: remote

Published: 1/17/2025

Updated: 1/17/2025

Scan Template: basic, config_audit, full, overview, pci, quick, scan