TWA 0218

TWA-0218

Message

"Content-Security-Policy has one or more 'unsafe-eval' policies"

Explanation

The Content-Security-Policy is sent from the web server to the web browser in the HTTP header. The Content-Security-Policy directives allows a stricter protection of the web page content by the web browsed.

The Content-Security-Policy is a field in the header of the HTTP response. The value is a string with internal structure, a list of one or more directives. The unsafe-eval directive allows dynamic executing code, e.g. activates the eval function of JavaScript.

Remediation

Remove all unsafe-eval directives from the Content-Security-Policy in the web server configuration.

Only use the unsafe-eval, if the web application needs the setting. Consider changing the web application to work without dynamic script code / without unsafe-eval in the Content-Security-Policy.

See

Home
Codes
TWA-00YY
- TWA-0001
TWA-01YY
TWA-02YY
- TWA-0201
- TWA-0202
- TWA-0203
- TWA-0204
- TWA-0205
- TWA-0206
- TWA-0207
- TWA-0208
- TWA-0209
- TWA-0210
- TWA-0211
- TWA-0212
- TWA-0213
- TWA-0214
- TWA-0215
- TWA-0216
- TWA-0217
- TWA-0218
- TWA-0219
- TWA-0220
- TWA-0221
- TWA-0222
- TWA-0223
- TWA-0224
- TWA-0225
- TWA-0226
- TWA-0227
- TWA-0228
- TWA-0229
- TWA-0230
TWA-03YY
TWA-04YY
- TWA-0401
- TWA-0402
- TWA-0403
- TWA-0404
- TWA-0405
- TWA-0406
- TWA-0407
- TWA-0408
- TWA-0409
- TWA-0410
TWA-05YY
- TWA-0501
- TWA-0502
- TWA-0503
- TWA-0504
TWA-06YY
- TWA-0601
- TWA-0602
- TWA-0603
- TWA-0604
TWA-07YY
- TWA-0701
TWA-08YY
- TWA-0801
- TWA-0802
- TWA-0803
- TWA-0804
- TWA-0805
- TWA-0806
- TWA-0807
- TWA-0808
- TWA-0809
- TWA-0810
TWA-09YY
- TWA-0901

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

TWA 0218

TWA-0218

Message

Explanation

Remediation

See

Clone this wiki locally