[Nikto-discuss] Nikto doesn't understand CSP
Robin Wood
robin at digi.ninja
Sat Aug 9 15:13:42 CDT 2014
I just got this in a scan using the latest Git code:
+ Uncommon header 'content-security-policy-report-only' found, with
contents: default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src
https://* about: javascript:; img-src data:
Is it reported as Uncommon because it doesn't know about it or is it just
pointing out that not many sites set it? I'd guess it is the first.
Robin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://attrition.org/pipermail/nikto-discuss/attachments/20140809/5f1f06cc/attachment.html>
More information about the Nikto-discuss
mailing list