I am building a tool (in PHP) that checks the Content Security Policy on a site, seemed to work fine until I checked this URL:-
https://blog.securityevaluators.com/websockets-not-bound-by-cors-does-this-mean-2e7819374acc
For some reason get_headers() does not return the content-security-policy on this site, but it does show in google chrome developer tools.
I have checked the source code and it isn't being set by a meta tag as far as I can tell?
I also tried getting the headers by using Curl and setting a user agent but that also doesn't seem to be the issue.
Is there a request header I might need depending on their setup?
A bit confused so hoping someone can point me in the right direction!
Thanks in advance.
