The host is installed with Apple Safari before 6.2.8, 7.x before 7.1.8 or 8.x before 8.0.8 and is prone to an information disclosure vulnerability. A flaw is present in the application, which does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests. Successful exploitation allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report.