Question

19
Views
AnjaniKumarP0301 Member since 2020 11 posts
E-Pragati
Posted: 2 months ago
Last activity: 2 months ago

Missing Security headers

Web Browser XSS Protection is nor enabled, or is disabled by the configuration of X-XSS – Protection HTTP response header on the web server Content Security Policy (CSP) is an effective "defence in depth" technique to be used against content injection attacks. It is a declarative policy that informs the user agent what are valid sources to load from.

There is no direct impact of not implementing CSP and XSS on your website. However, if your website is vulnerable to a Cross-site Scripting attack CSP can prevent successful exploitation of that vulnerability.

Share this page LinkedIn