Is it possible to add an issue into the findings when a CSP policy is not implemented? I could modify the extension myself, but I think it should be added to the approved version in the BApp Store.
Simon-Davies changed the title from "Doesn't report on no CSP policy being in place" to "Doesn't report a CSP policy not being implemented" (Mar 26, 2019)
Simon-Davies changed the title from "Doesn't report a CSP policy not being implemented" to "Doesn't report on a CSP policy not being implemented" (Mar 26, 2019)
I was not a big fan of seeing the missing header as a weakness. It should be seen as defense in depth. It has the potential to pollute the Burp scanning results (not totally, since the issues are grouped).
But it makes sense if the CSP is applied in some locations of the website. It should be enabled everywhere.
2021 update
Burp built-in rules now advertise missing CSP header.
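The distinction drawn in the comment above, between a site with no CSP at all and a site that applies CSP only in some locations, sketched as an added example (not part of the thread and not the extension's code). It assumes responses are available as (URL, headers) pairs and looks only at response headers, not `<meta>` policies; the function names and sample hosts are hypothetical.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data: (URL, response headers) pairs, not taken from the issue.
SAMPLE_RESPONSES = [
    ("https://shop.example/", {"Content-Type": "text/html; charset=utf-8",
                               "Content-Security-Policy": "default-src 'self'"}),
    ("https://shop.example/cart", {"Content-Type": "text/html"}),
    ("https://shop.example/logo.png", {"Content-Type": "image/png"}),
    ("https://blog.example/", {"Content-Type": "text/html"}),
    ("https://blog.example/about", {"content-type": "text/html"}),
    ("https://docs.example/", {"Content-Type": "text/html",
                               "content-security-policy": "default-src 'none'"}),
]

def _lower(headers):
    # Header names are case-insensitive, so normalise before lookup.
    return {name.lower(): value for name, value in headers.items()}

def has_enforced_csp(headers):
    # Content-Security-Policy-Report-Only is ignored: it reports but does not enforce.
    return bool(_lower(headers).get("content-security-policy", "").strip())

def is_html(headers):
    media_type = _lower(headers).get("content-type", "").split(";")[0]
    return media_type.strip().lower() == "text/html"

def audit_csp_coverage(responses):
    """Return {host: (status, urls_without_csp)} for HTML responses only."""
    per_host = defaultdict(lambda: {"with_csp": [], "without_csp": []})
    for url, headers in responses:
        if not is_html(headers):
            continue  # only documents are checked; images, scripts etc. are skipped
        host = urlsplit(url).netloc.lower()
        key = "with_csp" if has_enforced_csp(headers) else "without_csp"
        per_host[host][key].append(url)

    findings = {}
    for host, seen in per_host.items():
        if seen["with_csp"] and seen["without_csp"]:
            # Policy exists but is not applied everywhere: the actionable case.
            findings[host] = ("inconsistent", sorted(seen["without_csp"]))
        elif seen["without_csp"]:
            # No policy anywhere: a defense-in-depth note, one grouped entry per host.
            findings[host] = ("absent", sorted(seen["without_csp"]))
        else:
            findings[host] = ("consistent", [])
    return findings

if __name__ == "__main__":
    for host, (status, urls) in sorted(audit_csp_coverage(SAMPLE_RESPONSES).items()):
        print(f"{host}: {status} {urls}")
```

Grouping by host keeps the "absent" case to one entry per site, which addresses the concern about polluting scan results.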