Wildcard Detected in Domain Portion of Content Security Policy (CSP) Directive

Severity: Information
Summary#

Invicti detected that wildcard was used in domain portion of a CSP directive.

Impact#

This means you trust all of the subdomains of this domain, if this is the case there is no impact.

Remediation#

If you trust all of the subdomains and if this is necessary then you do not need to take any actions. However if this is not the case replace the wildcard with the only subdomain that you trust.

Classifications#
Invicti

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo