seoroast.org

A

App Router

1Low

Attack Surface

7

Routes

0

Query Params

1

Custom Headers

POST

/api/create-premium-checkout-session

UNKNOWN

/api/events

GET

/audits

GET

/billing

GET

/dashboard

GET

/premium

GET

/tools

Range

Security Findings

LOW

Missing Content-Security-Policy Header

The Content-Security-Policy header is not set

Finding #1 of 1

The Content-Security-Policy header is not set. CSP provides defense-in-depth against XSS and data injection attacks by restricting resource loading sources.

Location

https://seoroast.com

Remediation

Add a Content-Security-Policy header in next.config.js:

async headers() {
  return [{
    source: '/(.*)',
    headers: [
      { key: 'Content-Security-Policy', value: "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';" },
    ],
  }]
}

Other Recent Reports

View all security reports →

seoroast.org

Attack Surface

Routes (7)

Custom Headers (1)

Security Findings

Missing Content-Security-Policy Header