Content-Security-Policy-Report-Only analysis


A Content-Security-Policy-Report-Only (CSPRO) was identified on the target site. CSP-Report-Only headers aid in determining how to implement a Content-Security-Policy that does not disrupt normal use of the target site.


Follow the recommendations to determine if any actions are necessary to harden this Content-Security-Policy-Report-Only. After all alerts have been resolved, we recommend that this header be changed to Content-Security-Policy.


ID Aggregated CWE Type Risk
16.9 true 16 Passive Info