nuclei-templates/miscellaneous/missing-csp.yaml

id: missing-csp
info:
  name: CSP Not Enforced
  author: geeknik
  severity: info
  description: Checks if there is a CSP header
requests:
  - method: GET
    path:
      - '{{BaseURL}}'
    redirects: true
    matchers:
      - type: dsl
        dsl:
          - '!contains(tolower(all_headers), ''content-security-policy'')'
Create missing-csp.yaml Checks for a CSP header 2020-09-08 14:11:58 +00:00			`id: missing-csp`
			`info:`
			`name: CSP Not Enforced`
			`author: geeknik`
			`severity: info`
			`description: Checks if there is a CSP header`
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}'`
			`redirects: true`
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- '!contains(tolower(all_headers), ''content-security-policy'')'`