Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive

Severity: Information

Invicti detected that a wildcard was used in the port portion of a CSP directive.


There is no direct impact; however, in conjunction with some other issues this can be abused by an attacker. A wildcard in the port portion means you trust every application hosted on any port of the target domain. For example, another port on the same IP address might serve a vulnerable hosting control panel application.


If the wildcard is not really necessary, use a static port. If you need to use the wildcard, ensure that you trust all ports of the target URI.
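
The check described above, as an added example (not Invicti's code): it splits a policy into directives and source expressions and reports every source whose port portion is `*`. The function name `findWildcardPorts` and both sample policies are constructed for illustration.

```javascript
// Added example: flag CSP source expressions whose port portion is a wildcard.
// A host-source has the shape: [scheme "://"] host [":" port] [path]
const SCHEME_ONLY = /^[a-z][a-z0-9+.-]*:$/i;      // e.g. "https:" or "data:"
const SCHEME_PREFIX = /^[a-z][a-z0-9+.-]*:\/\//i; // e.g. "https://"

function findWildcardPorts(policy) {
  const findings = [];
  for (const rawDirective of policy.split(";")) {
    const tokens = rawDirective.trim().split(/\s+/).filter(Boolean);
    if (tokens.length < 2) continue;               // empty, or no source list
    const [name, ...sources] = tokens;
    for (const source of sources) {
      if (source.startsWith("'")) continue;        // 'self', nonces, hashes
      if (SCHEME_ONLY.test(source)) continue;      // scheme-source has no port
      let rest = source.replace(SCHEME_PREFIX, "");
      const slash = rest.indexOf("/");
      if (slash !== -1) rest = rest.slice(0, slash); // drop the path
      const colon = rest.lastIndexOf(":");
      if (colon !== -1 && rest.slice(colon + 1) === "*") {
        findings.push({ directive: name.toLowerCase(), source });
      }
    }
  }
  return findings;
}

// Constructed sample policies: the first trusts every port, the second pins 443.
const weakPolicy =
  "default-src 'self'; script-src 'self' https://cdn.example.com:*; " +
  "img-src *.example.com:* data:";
const pinnedPolicy =
  "default-src 'self'; script-src 'self' https://cdn.example.com:443; " +
  "img-src *.example.com:443 data:";

for (const f of findWildcardPorts(weakPolicy)) {
  console.log(`wildcard port in ${f.directive}: ${f.source}`);
}
console.log(`pinned policy findings: ${findWildcardPorts(pinnedPolicy).length}`);
```

A wildcard in the host portion (such as `*.example.com` with no port) is a separate finding and is deliberately not reported here.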

