[Nikto-discuss] Nikto doesn't understand CSP

Robin Wood robin at digi.ninja
Sat Aug 9 15:13:42 CDT 2014


I just got this in a scan using the latest Git code:

+ Uncommon header 'content-security-policy-report-only' found, with
contents: default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-src
https://* about: javascript:; img-src data:

Is it reported as Uncommon because it doesn't know about it or is it just
pointing out that not many sites set it? I'd guess it is the first.

Robin
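The header Nikto printed is worth reading for its own sake, whatever the scanner knows about it. Below is an added example, not part of the original post and not Nikto's code (Nikto is written in Perl; this is standalone Python): a small CSP parser that splits the quoted value into directives and reports the settings a reviewer would flag. The sample header value is copied from the scan output above; the directive fallback rule (fetch directives inherit from default-src) and the "weak source" list are the example's own assumptions about what is worth reporting, not anything Nikto does.

```python
# Added example: parse a Content-Security-Policy(-Report-Only) value and
# list weak settings. Not Nikto code; written independently for this thread.

# Constructed sample: the header value quoted in Robin's Nikto output, verbatim.
SAMPLE_CSP = ("default-src https: data: 'unsafe-inline' 'unsafe-eval'; "
              "frame-src https://* about: javascript:; img-src data:")

# Source expressions that make a directive effectively unrestricted for the
# scheme in question (assumed list for this example).
WILDCARD_SOURCES = {"*", "http:", "https:", "http://*", "https://*"}


def parse_csp(value):
    """Split a CSP header value into {directive: [source expressions]}.

    Directives are ';'-separated; the first token of each is the name, the
    rest are sources. Names are case-insensitive. A repeated directive keeps
    the first occurrence, which is how browsers resolve duplicates.
    """
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def effective_sources(policy, directive):
    """Return (sources, supplying_directive) for a fetch directive.

    Fetch directives such as script-src fall back to default-src when absent;
    with neither present the directive is unrestricted (None).
    """
    if directive in policy:
        return policy[directive], directive
    if "default-src" in policy:
        return policy["default-src"], "default-src"
    return [], None


def weak_sources(sources):
    """Yield (source, reason) for source expressions that undermine a policy."""
    for src in sources:
        low = src.lower()
        if low in WILDCARD_SOURCES:
            yield src, "matches any origin with that scheme"
        elif low == "'unsafe-inline'":
            yield src, "permits inline code, so XSS is not mitigated"
        elif low == "'unsafe-eval'":
            yield src, "permits eval() and other string-to-code paths"
        elif low == "data:":
            yield src, "data: URIs are attacker-controllable"
        elif low == "javascript:":
            yield src, "javascript: listed as a source; legacy syntax, should be dropped"


def audit_csp(value, report_only=False):
    """Return human-readable findings for the directives that matter most:
    script-src, object-src and frame-src (checked via their fallbacks)."""
    policy = parse_csp(value)
    findings = []
    if report_only:
        findings.append("header is Report-Only: violations are reported, not blocked")
    for directive in ("script-src", "object-src", "frame-src"):
        sources, supplier = effective_sources(policy, directive)
        if supplier is None:
            findings.append(f"{directive}: not set and no default-src, unrestricted")
            continue
        label = directive if supplier == directive else f"{directive} (via default-src)"
        for src, why in weak_sources(sources):
            findings.append(f"{label}: {src} {why}")
    return findings


if __name__ == "__main__":
    # The header in the thread was Content-Security-Policy-Report-Only.
    for line in audit_csp(SAMPLE_CSP, report_only=True):
        print("-", line)
```

Run against the quoted value, the audit reports that the policy is report-only, that script-src and object-src inherit https:, data:, 'unsafe-inline' and 'unsafe-eval' from default-src, and that frame-src allows any https origin plus the javascript: scheme. A policy such as `default-src 'self'; object-src 'none'` produces no findings, which is the comparison point a scanner check would want.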