The web application does not return a Content-Security-Policy header. Content Security Policy (CSP) is a web security standard designed to make it much harder for an attacker to exploit cross-site scripting (XSS), clickjacking or related vulnerabilities. CSP allows the web server to specify, through the Content-Security-Policy HTTP response header, that clients should not load CSS, JavaScript or other page assets from sources the policy does not explicitly allow for that page.
Severity: Low
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVSS Score: 3.1
Recommendation: Return the Content-Security-Policy HTTP header in application responses, containing an appropriate policy.