Content Security Policy Deep Analysis
Phase 2config mgmtWSTG-CONF
Description
Parses the Content-Security-Policy header for unsafe directives ('unsafe-inline', 'unsafe-eval', wildcard or HTTP script-src) and checks whether CSP violation reporting is configured.
Security Impact
A misconfigured CSP provides only a false sense of security. 'unsafe-inline' and 'unsafe-eval' negate most XSS protection; missing report-uri means active attacks go undetected.
Automated Detection & AI Remediation
DygDog automatically detects Content Security Policy Deep Analysis using its continuous, passive scanning engine. When discovered, DygDog provides infrastructure-specific, copy-paste ready code snippets generated by frontier AI models to help you remediate the issue instantly without generic advice.
Start Free Scan