10055-11β€”CSP: Meta Policy Invalid Directive

PUBLISHEDsecurity alertMedium
Passive

Metadata

Alert ID:
10055-11
Risk:
Medium
Type:
Passive

Summary

The policy specified via meta element contains either or both the sandbox or frame-ancestors directive, which are not permitted inside meta CSP definitions.

Solution

Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

References