Description
Find more live information in Aikido here: https://app.aikido.dev/queue?sidebarIssue=16047720&groupId=37390&sidebarIssueTask=1290609&sidebarTab=tasks
Scope
This task includes issues in the following domain:
TLDR
Content Security Policy (CSP) is a first line of defense against common attacks including Cross-Site Scripting (XSS) and other content-injection attacks. These attacks are used for everything from data theft and account takeover to site defacement and malware distribution. CSP lets you declare, via a standard HTTP response header, which content the browser may load and execute for a page: you can allowlist the permitted sources for JavaScript, CSS, frames, fonts, images and embeddable objects (plugins such as Java applets and ActiveX, audio and video files). A request for a resource from a source not on the list is blocked by the browser, so a script injected by an attacker cannot run unless it comes from an allowed origin.
How to fix
Ensure that your web server, application server, load balancer or CDN is configured to set the Content-Security-Policy header on every HTML response. Start from a restrictive policy (for example default-src 'self'; object-src 'none'; frame-ancestors 'none'; base-uri 'self') and avoid 'unsafe-inline', 'unsafe-eval' and wildcard sources in script-src, since those re-enable the injection the header is meant to stop. Roll the policy out with Content-Security-Policy-Report-Only first to catch breakage, then switch to the enforcing header, and verify with a response-header check that the header is actually present on the served pages (a policy set only in an upstream config that a proxy strips is a common reason the finding persists).