-
- Site: [https://privategamehost.com:6444](https://privategamehost.com:6444)
**New Alerts**
- **Content Security Policy (CSP) Header Not Set** [10038] total: 3:
- [https://privategamehost.co…
-
- Site: [http://f5ce604a6912da3200031e80114f2ca1.serveo.net](http://f5ce604a6912da3200031e80114f2ca1.serveo.net)
- Site: [http://f5ce604a6912da3200031e80114f2ca1.serveo.net](http://f5ce604a6912da320…
-
- Site: [https://dvna-team-1.canadacentral.cloudapp.azure.com](https://dvna-team-1.canadacentral.cloudapp.azure.com)
- Site: [http://dvna-team-1.canadacentral.cloudapp.azure.com](http://dvna-team-1.…
-
The [CSP (Content Security Policy)](https://developer.mozilla.org/en-US/docs/Web/Security/CSP) can be used on any document to limit the document's scripting ability. [caniuse](http://caniuse.com/#sear…
-
- Site: [https://dev.healthprovideridentityportal.gov.bc.ca](https://dev.healthprovideridentityportal.gov.bc.ca)
**New Alerts**
- **Cloud Metadata Potentially Exposed** [90034] total: 1:
- […
-
As some application security vendors started checking for the presence of the CSP header and raise lack of it as an issue, I think it's necessary to clarify when precisely for which resources it's rea…
-
This is a placeholder issue.
Similar to the support that we have for CORS in APIs, we should have support for Content Security Policy to make sites safer by default.
Support for CSP would be polic…
-
Limiting use of URLs in the HTML `base` tag by controlling the [base-uri element](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/base-uri) in a content security poli…
-
The value for [`base-uri`](https://w3c.github.io/webappsec-csp/#directive-base-uri) is a [`serialized-source-list`](https://w3c.github.io/webappsec-csp/#grammardef-serialized-source-list), which means…
-
Hi
I’m currently working on a phased plan to implement CSP for BBC online (as we’re currently rolling out HTTPS) and have come across an issue for which I have a suggestion - an amendment to the curr…