content-security-policy header is not detected

securityheaders / securityheaders-bugs

Bug tracker for https://securityheaders.io

20 stars 0 forks source link

Closed jesvinjames closed 4 years ago

jesvinjames commented 4 years ago

content-security-policy header on https://haveibeenpwned.com/ is not detected. The header is returned by the server.

jesvinjames commented 4 years ago

A 403 Forbidden was returned by cloudflare server when the site was scanned. The server returns CSP header with 200 OK response.