default-src Used in Content Security Policy (CSP)

Summary

Netsparker detected that you used default-src in CSP directive. It is important to know that default-src cannot be used as a fallback for the functions below:

base-uri

form-action

frame-ancestors

plugin-types

report-uri

sandbox

Classifications

OWASP PC-C9

Further Reading

Content Security Policy (CSP) Explained

Netsparker Security Insights

Remote Hardware Takeover via Vulnerable Admin Software
Negative Impact of Incorrect CSP Implementations
Leverage Browser Security Features to Secure Your Website
Content Security Policy (CSP) Explained

Vulnerability Index

You can search and find all vulnerabilities

Select Category

Critical
High
Medium
Low
Information
Best Practice

Search Vulnerability

Tags

CSP

Related Vulnerabilities

Blind SQL Injection
Local File Inclusion
Misconfigured Access-Control-Allow-Origin Header
Missing X-Frame-Options Header
Directory Listing (Nginx)

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO