Missing frame-ancestors in CSP Declaration

Severity: Information
Summary

Invicti detected that the frame-ancestors directive is missing from the CSP declaration. Without it, the policy does not restrict the page from being embedded in iframes.

Remediation

Set frame-ancestors to 'none' in the CSP declaration:

Content-Security-Policy: frame-ancestors 'none'
Content-Security-Policy: frame-ancestors 'self' https://www.example.org
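
The check described in the summary, as an added example (not Invicti's code): it parses the enforced Content-Security-Policy headers of a response and reports whether frame-ancestors is missing, 'none', a wildcard, or a restricted list. The function names and the sample responses are constructed for illustration.

```python
def parse_policy(serialized):
    """Parse one serialized CSP into {directive name: [source expressions]}."""
    directives = {}
    for token in serialized.split(";"):
        parts = token.split()
        if parts:
            # Directive names are case-insensitive; when a directive is
            # repeated inside one policy, only the first occurrence counts.
            directives.setdefault(parts[0].lower(), parts[1:])
    return directives


def audit_frame_ancestors(headers):
    """headers: list of (name, value) pairs from one HTTP response.
    Returns (status, source_lists), status being one of
    'missing', 'none', 'wildcard', 'restricted'."""
    source_lists = []
    for name, value in headers:
        # Content-Security-Policy-Report-Only is not enforced, so skip it.
        if name.lower() != "content-security-policy":
            continue
        # One header value may carry several comma-separated policies.
        for serialized in value.split(","):
            policy = parse_policy(serialized)
            # frame-ancestors does not fall back to default-src.
            if "frame-ancestors" in policy:
                source_lists.append(policy["frame-ancestors"])
    if not source_lists:
        return "missing", source_lists
    # Every enforced policy must allow the embedder, so a single 'none'
    # (or an empty source list, which matches nothing) blocks all framing.
    if any(not s or [x.lower() for x in s] == ["'none'"] for s in source_lists):
        return "none", source_lists
    if all("*" in s for s in source_lists):
        return "wildcard", source_lists
    return "restricted", source_lists


# Constructed sample responses (not taken from a real scan).
SAMPLES = {
    "no directive": [("Content-Security-Policy", "default-src 'self'")],
    "report only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "allow list": [("content-security-policy", "Frame-Ancestors 'self' https://www.example.org")],
    "duplicate": [("Content-Security-Policy", "frame-ancestors *; frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label:13} -> {audit_frame_ancestors(headers)[0]}")
```
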

Classifications
