Weak frame-ancestors Detected in Content Security Policy (CSP) Declaration

Summary

Acunetix 360 detected that a weak frame-ancestors value used in CSP declaration.

Impact

An attacker can carry out a successful iframe injection attack.

Remediation

• Set the frame-ancestors directive to specify only trusted domains that are allowed to embed your page.
• If you do not want your page to be embedded anywhere, set frame-ancestors to 'none'.

Severity

Classification