*Pankaj here, I found a vulnerability on your domain*
https://sparta.eu/
*Vulnerability name: CSP: Wildcard Directive*
*Description:*
Content Security Policy is an effective measure to protect your site from
XSS attacks.
By whitelisting sources of approved content, you can prevent the browser
from loading malicious assets.
The following directives either allow wildcard sources (or ancestors), are
not defined, or are overly broadly defined:
*script-src, script-src-elem, script-src-attr, style-src, style-src-elem,
style-src-attr, img-src, connect-src, frame-src, font-src, media-src,
object-src, manifest-src, worker-src, prefetch-src, form-action*
The directive(s) form-action are among the directives that do not fall back
to default-src; missing/excluding them is the same as allowing anything.
*Steps to reproduce:*
1) Go to:
https://securityheaders.com/
2) Enter the host name
https://sparta.eu/
*3) You will see CSP MISSING*
*Solution:*
Ensure that your web server, application server, load balancer, etc. is
properly configured to set the Content-Security-Policy header.
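As an added example (not part of this report), a small Python checker that applies the description above to a Content-Security-Policy header value: it reports a missing header, the fetch directives that resolve to a wildcard source (directly or via default-src), and the no-fallback directives such as form-action that are simply absent. The sample policies and the wildcard heuristic are constructed for illustration.

```python
FETCH_DIRECTIVES = {  # fall back to default-src when absent
    "script-src", "script-src-elem", "script-src-attr", "style-src", "style-src-elem",
    "style-src-attr", "img-src", "connect-src", "frame-src", "font-src", "media-src",
    "object-src", "manifest-src", "worker-src", "prefetch-src",
}
# Directives with no default-src fallback: omitting one allows anything.
NO_FALLBACK_DIRECTIVES = {"form-action", "frame-ancestors", "base-uri"}

def parse_csp(header):
    """Split a CSP header value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def is_wildcard(source):
    """True for '*', a host containing '*', or a scheme-only source like https:."""
    s = source.lower()
    host = s.split("://", 1)[-1]
    return s == "*" or "*" in host or (s.endswith(":") and "/" not in s)

def audit_csp(header):
    """Flag a missing header, wildcard-sourced directives and omitted no-fallback ones."""
    findings = {"missing": [], "wildcard": [], "no_fallback_missing": []}
    if not header:
        findings["missing"].append("Content-Security-Policy")
        return findings
    policy = parse_csp(header)
    default = policy.get("default-src")
    for name in sorted(FETCH_DIRECTIVES):
        sources = policy.get(name, default)  # inherit default-src when absent
        if sources is None:
            findings["missing"].append(name)
        elif any(is_wildcard(s) for s in sources):
            findings["wildcard"].append(name)
    for name in sorted(NO_FALLBACK_DIRECTIVES):
        if name not in policy:
            findings["no_fallback_missing"].append(name)
        elif any(is_wildcard(s) for s in policy[name]):
            findings["wildcard"].append(name)
    return findings

# Constructed sample policies: a weak one beside a hardened one.
WEAK_CSP = "default-src *; script-src 'self' https:"
HARDENED_CSP = ("default-src 'self'; script-src 'self'; object-src 'none'; "
                "form-action 'self'; frame-ancestors 'none'; base-uri 'self'")
```

Running `audit_csp(None)` reproduces the "CSP missing" finding; `audit_csp(WEAK_CSP)` lists every fetch directive as wildcard and the three absent no-fallback directives, while the hardened policy returns no findings.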