SolutionEnsure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Other InfoThe header X-WebKit-CSP was found on this response. While it is a good sign that CSP is implemented to some degree the policy specified in this header has not been analyzed by ZAP. To ensure full support by modern browsers ensure that the Content-Security-Policy header is defined and attached to responses.