Replies: 0
When I check my web pages in Lighthouse, several pages display these 3 errors:
Ensure CSP is effective against XSS attacks
A strong Content Security Policy (CSP) significantly reduces the risk of cross-site scripting (XSS) attacks.
1) script-src directive is missing. This can allow the execution of unsafe scripts.
2) Elements controlled by object-src are considered legacy features. Consider setting object-src to ‘none’ to prevent the injection of plugins that execute unsafe scripts.
3) No CSP configures a reporting destination. This makes it difficult to maintain the CSP over time and monitor for any breakages.
I do not get this error on every web page, only on a few. Why am I seeing this and how do I fix it?