Summary

The following CSP directives are not supported in meta elements and take effect only when set via HTTP response headers:

  • frame-ancestors
  • sandbox
  • report-uri

Remediation

Move these CSP directives from the meta element to the Content-Security-Policy HTTP response header.
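
One way to find the affected directives in a page, as an added example that is not part of the original finding: the script below parses an HTML document, collects every meta-delivered policy, and separates the three directives listed above from the rest so they can be placed in a header. The names MetaCSPFinder, split_policy and audit_html are hypothetical, and the sample page is constructed.

```python
from html.parser import HTMLParser

# Directives the finding lists as header-only (not usable in a meta element).
HEADER_ONLY = {"frame-ancestors", "sandbox", "report-uri"}


class MetaCSPFinder(HTMLParser):
    """Collects the content of every <meta http-equiv="Content-Security-Policy">."""
    def __init__(self):
        super().__init__()
        self.policies = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "content-security-policy":
            self.policies.append(a.get("content", ""))


def split_policy(policy):
    """Split a serialized policy into (lowercased name, full directive) pairs."""
    out = []
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            out.append((tokens[0].lower(), " ".join(tokens)))
    return out


def audit_html(html):
    """Return (directives to move to the header, directives not on the list)."""
    finder = MetaCSPFinder()
    finder.feed(html)
    move, keep = [], []
    for policy in finder.policies:
        for name, directive in split_policy(policy):
            (move if name in HEADER_ONLY else keep).append(directive)
    return move, keep


# Constructed sample page (not from a real site).
SAMPLE = """<html><head>
<meta http-equiv="Content-Security-Policy"
      content="default-src 'self'; frame-ancestors 'none'; sandbox allow-scripts; report-uri /csp-report">
</head><body></body></html>"""

if __name__ == "__main__":
    move, keep = audit_html(SAMPLE)
    print("Content-Security-Policy: " + "; ".join(move))  # header value to configure
    print("Not on the header-only list: " + "; ".join(keep))
```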

Severity

Information

Classification

CWE-16, ISO27001-A.14.2.5, WASC-15, OWASP 2013-A5, OWASP 2017-A6