Content Security Vulnerability in ASP.NET(WebForms)

[hashaghate]

Hi All,

Penetration Testing reported CSP vulnerability for our asp.net application. Below is the CSP tag we have included in web.config file.

<add name="Content-Security-Policy" value="default-src 'self' 'unsafe-inline'; script-src 'self' https://*.***.***.**/ 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline'; img-src 'self' https://*.***.***.**/; style-src 'self' 'unsafe-inline' https://*.***.***.**/ " />

Still issue is not resolved, do you have any idea how to handle it.