Pankaj here. I found a vulnerability on your domain:

https://sparta.eu/

Vulnerability name: CSP: Wildcard Directive

 

Description:

Content Security Policy is an effective measure to protect your site from XSS attacks.

By whitelisting sources of approved content, you can prevent the browser from loading malicious assets.

 

The following directives either allow wildcard sources (or ancestors), are not defined, or are overly broadly defined:

script-src, script-src-elem, script-src-attr, style-src, style-src-elem, style-src-attr, img-src, connect-src, frame-src, font-src, media-src, object-src, manifest-src, worker-src, prefetch-src, form-action

 

The directive(s) form-action are among the directives that do not fall back to default-src; missing/excluding them is the same as allowing anything.

 

Steps to reproduce:

 

1) Go to: https://securityheaders.com/

2) Enter the host name https://sparta.eu/

3) You will see CSP MISSING

 

 

Solution:

Ensure that your web server, application server, load balancer, etc. are properly configured to set the Content-Security-Policy header.
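
An added example, not part of the original report: a small Python audit of a Content-Security-Policy header value that flags the three conditions the description names (header missing, directive not defined, wildcard source). The directive lists, the set of sources treated as overly broad, and the sample policies are assumptions of this example.

```python
# Added example: audits a Content-Security-Policy header value for the
# problems named in the report. The policies below are constructed samples.

# Fetch directives that inherit from default-src when absent.
FETCH = ("script-src", "style-src", "img-src", "connect-src", "frame-src",
         "font-src", "media-src", "object-src", "manifest-src", "worker-src")
# Directives that never inherit from default-src.
NO_FALLBACK = ("form-action", "frame-ancestors", "base-uri")
# Assumption of this example: these sources count as "overly broad".
BROAD = {"*", "http:", "https:"}


def parse_csp(value):
    """Return {directive: [sources]}; the first occurrence of a directive wins."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def audit(value):
    """Return a sorted list of (directive, problem) findings."""
    if not value or not value.strip():
        return [("content-security-policy", "header missing")]
    policy = parse_csp(value)
    findings = []
    for name in FETCH + NO_FALLBACK:
        sources = policy.get(name)
        if sources is None and name in FETCH:
            sources = policy.get("default-src")  # fallback applies here only
        if sources is None:
            findings.append((name, "not defined"))
        elif BROAD & {s.lower() for s in sources}:
            findings.append((name, "wildcard source"))
    return sorted(findings)


WEAK = "default-src *; script-src 'self' https:"            # constructed
STRICT = ("default-src 'self'; object-src 'none'; form-action 'self'; "
          "frame-ancestors 'none'; base-uri 'self'")         # constructed

if __name__ == "__main__":
    for label, header in (("missing", None), ("weak", WEAK), ("strict", STRICT)):
        print(label, audit(header))
```

A policy that sets only default-src 'self' still reports form-action, frame-ancestors and base-uri as not defined, which is the fallback gap the description points out.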

