withinsecurity: Uses unsafe-inline without nonce

ID H1:96218
Type hackerone
Reporter cyberattacker
Modified 2015-10-28T23:41:24


Hi, I found you website using Uses unsafe-inline without nonce. Allowing unsafe-eval can increase risk of various types of attacks. Consider adding a nonce which makes injecting malicious code more difficult as an attacker would need to guess the nonce. Thanks,