stage	group	info
Secure	Dynamic Analysis	To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments

Content-Security-Policy-Report-Only analysis

Description

A Content-Security-Policy-Report-Only (CSPRO) was identified on the target site. CSP-Report-Only headers aid in determining how to implement a Content-Security-Policy that does not disrupt normal use of the target site.

Remediation

Follow the recommendations to determine if any actions are necessary to harden this Content-Security-Policy-Report-Only. After all alerts have been resolved, we recommend that this header be changed to Content-Security-Policy.

Details

ID	Aggregated	CWE	Type	Risk
16.9	true	16	Passive	Info

Links

CWE
OWASP
MDN
Content Security Policy Level 3
CSP Evaluator

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

16.9.md

16.9.md

Content-Security-Policy-Report-Only analysis

Description

Remediation

Details

Links

Files

16.9.md

Latest commit

History

16.9.md

File metadata and controls

Content-Security-Policy-Report-Only analysis

Description

Remediation

Details

Links