Remediation Steps

Follow the steps below to remediate this finding on the Apache web server.

  1. Ensure mod_headers is enabled:

    sudo a2enmod headers

  2. Add to your apache2.conf or VirtualHost configuration:

    Header always set Content-Security-Policy "default-src 'self'; script-src 'self'; object-src 'none';"

  3. Reload Apache:

    sudo systemctl reload apache2
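
To confirm the three steps took effect, the following added example (not part of the original remediation text) reads raw response headers on stdin and checks that the policy from step 2 is present. The function names, the sample responses and the host name `your-host.example` are assumptions made for illustration.

```bash
# Added example: check that a response carries the CSP set in step 2.
# Usage against your own server (host name is a placeholder):
#   curl -sI https://your-host.example/ | check_csp

# Directives from step 2 that must appear in the policy, one per line.
REQUIRED_DIRECTIVES="default-src 'self'
script-src 'self'
object-src 'none'"

# Print the Content-Security-Policy value found in raw headers on stdin.
# Header names are case-insensitive and header lines end in CRLF.
csp_value() {
  tr -d '\r' | awk 'tolower($0) ~ /^content-security-policy:/ {
    sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Return 0 if every required directive is present exactly as configured,
# 1 otherwise. Prints "no CSP header" or one "missing: ..." line each.
check_csp() {
  policy=$(csp_value)
  if [ -z "$policy" ]; then echo "no CSP header"; return 1; fi
  # One directive per line, trimmed, inner whitespace collapsed.
  directives=$(printf '%s\n' "$policy" | tr ';' '\n' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]][[:space:]]*/ /g')
  status=0
  while IFS= read -r want; do
    if ! printf '%s\n' "$directives" | grep -qxF -- "$want"; then
      echo "missing: $want"; status=1
    fi
  done <<EOF
$REQUIRED_DIRECTIVES
EOF
  return $status
}

# Constructed sample responses (not captured from a real server).
# The first is a 404: "Header always" also applies to error responses.
SAMPLE_OK=$(printf "HTTP/1.1 404 Not Found\r\ncontent-security-policy: default-src 'self'; script-src 'self'; object-src 'none';\r\n\r\n")
SAMPLE_WEAK=$(printf "HTTP/1.1 200 OK\r\nContent-Security-Policy: default-src 'self'; script-src 'self'\r\n\r\n")
SAMPLE_NONE=$(printf "HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n")
```

Run the check against both a normal page and a URL that returns an error status, since a policy set without `always` would be absent from the latter.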