Synopsis : The remote web server does not take steps to mitigate a class of web application vulnerabilities. Description : The remote web server in some responses sets a permissive Content-Security-Policy (CSP) response header or does not set one at all. The CSP header has been proposed by the W3C Web Application Security Working Group as a way to mitigate cross-site scripting and clickjacking attacks.
You can verify your website via: https://securityheaders.io
- Content Security Policy – An Introduction