withinsecurity: Uses unsafe-inline without nonce

2015-10-27T23:15:12
ID H1:96218
Type hackerone
Reporter cyberattacker
Modified 2015-10-28T23:41:24

Description

Hi, I found you website using Uses unsafe-inline without nonce. Allowing unsafe-eval can increase risk of various types of attacks. Consider adding a nonce which makes injecting malicious code more difficult as an attacker would need to guess the nonce. Thanks,