Content Security Policy Deep Analysis

Phase 2config mgmtWSTG-CONF

Description

Parses the Content-Security-Policy header for unsafe directives ('unsafe-inline', 'unsafe-eval', wildcard or HTTP script-src) and checks whether CSP violation reporting is configured.

Security Impact

A misconfigured CSP provides only a false sense of security. 'unsafe-inline' and 'unsafe-eval' negate most XSS protection; missing report-uri means active attacks go undetected.

Automated Detection & AI Remediation

DygDog automatically detects Content Security Policy Deep Analysis using its continuous, passive scanning engine. When discovered, DygDog provides infrastructure-specific, copy-paste ready code snippets generated by frontier AI models to help you remediate the issue instantly without generic advice.

Start Free Scan