nuclei-templates/miscellaneous/missing-csp.yaml

id: missing-csp
info:
  name: CSP Not Enforced
  author: geeknik
  severity: info
  description: Checks if there is a CSP header
  tags: misc

requests:
  - method: GET
    path:
      - '{{BaseURL}}'
    redirects: true
    matchers:
      - type: dsl
        dsl:
          - '!contains(tolower(all_headers), ''content-security-policy'')'