Add a passive scan rule to check CSP for:
Including the options eval-script or inline-script
Including any http resources from an https page
Including a large number of sources
Using an 'excessive' wildcard (like *.com)
Original issue reported on code.google.com by psii...@gmail.com on 19 Feb 2013 at 3:51
Original issue reported on code.google.com by
psii...@gmail.com
on 19 Feb 2013 at 3:51