10055-11CSP: Meta Policy Invalid Directive

PUBLISHEDsecurity alertMedium
Passive

Metadata

Alert ID:
10055-11
Risk:
Medium
Type:
Passive

摘要

The policy specified via meta element contains either or both the sandbox or frame-ancestors directive, which are not permitted inside meta CSP definitions.

解决方案

Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.

参考