CSP: Meta Policy Invalid Directive
- Risk:
Medium
- Type:
- Passive
- CWE:
- 693
- Summary
- The policy specified via meta element contains either or both the sandbox or frame-ancestors directive, which are not permitted inside meta CSP definitions.
- Solution
- Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.