default-src Used in Content Security Policy (CSP)

Severity: Information

Summary#

Invicti detected that you used default-src in CSP directive. It is important to know that default-src cannot be used as a fallback for the functions below:

base-uri

form-action

frame-ancestors

plugin-types

report-uri

sandbox

Classifications#

ISO27001-A.14.2.5

Further Reading#

Content Security Policy (CSP) Explained

Invicti Security Insights

Using Content Security Policy (CSP) to secure web applications
Remote Hardware Takeover via Vulnerable Admin Software
The dangers of incorrect CSP implementations
Leverage Browser Security Features to Secure Your Website

Select Category

Critical
High
Medium
Low
Best Practice
Information

Search Vulnerability

default-src Used in Content Security Policy (CSP)

Related Articles

Build your resistance to threats. And save hundreds of hours each month.