Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Weak frame-ancestors Detected in Content Security Policy (CSP) Declaration

Severity: Information
Summary#

Invicti detected that a weak frame-ancestors value used in CSP declaration.

Impact#

An attacker can carry out a successful iframe injection attack.

Remediation#
  • Set the frame-ancestors directive to specify only trusted domains that are allowed to embed your page.
  • If you do not want your page to be embedded anywhere, set frame-ancestors to 'none'.
Classifications#
, , , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works