Details
Alert ID: 10055-12
Alert Type: Passive
Status: release
Risk: Informational
CWE: 693
WASC: 15
Technologies Targeted: All
Tags: CWE-693, OWASP_2017_A06, OWASP_2021_A05
More Info: Scan Rule Help

Summary

The message contained a Content Security Policy (CSP) specified both via a header and via a meta tag. It was not possible to union these policies in order to perform an analysis, so they have been evaluated individually.

Solution

Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

Other Info

References

Code

org/zaproxy/zap/extension/pscanrules/ContentSecurityPolicyScanRule.java