Content Security Policy missing critical directives
A Content Security Policy (CSP) is a security header that tells browsers which content sources are allowed to load on your site. This site has a CSP, but it is missing three important directives: base-uri, form-action, and frame-ancestors.
Why this matters
Without these three directives, specific attack vectors remain open even if the rest of your CSP is well-configured, because none of them is covered by default-src. Without base-uri, an injected base element can change how the page resolves relative URLs and so hijack its forms and links; without form-action, a form can be made to submit to a fraudulent destination; without frame-ancestors, your site can be embedded inside a deceptive page (clickjacking).
How to fix it
Ask your developer to add base-uri 'self', form-action 'self', and frame-ancestors 'none' to your existing Content Security Policy header. Each is a short addition to an existing configuration file. Note that frame-ancestors is only honored when the policy is sent as an HTTP response header; browsers ignore it in a meta tag. If your site is meant to be framed by a specific partner origin, list that origin instead of 'none'.
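The following script is an added example, not part of the original finding or of any scanner's code. It parses a CSP header string the way a browser does (directive names case-insensitive, first occurrence of a duplicated directive wins), reports which of the three directives are absent, and emits a hardened header with the recommended values appended. The sample header is constructed; replace it with the value your server actually sends. It also shows that a policy with default-src 'self' still fails the check, because default-src does not apply to these three directives.

```python
"""Check a Content-Security-Policy header for base-uri, form-action and
frame-ancestors, and produce a hardened header if any are missing.
Added example; not the scanner's own code."""

from typing import Dict, List

# Directive -> value recommended in the finding above.
REQUIRED = {
    "base-uri": "'self'",
    "form-action": "'self'",
    "frame-ancestors": "'none'",
}

# Constructed sample header: otherwise reasonable, but missing all three.
SAMPLE_CSP = (
    "default-src 'self'; "
    "script-src 'self' https://cdn.example.com; "
    "object-src 'none'"
)


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source, ...]}.

    Directive names are case-insensitive. If a directive appears twice,
    browsers honor the first occurrence and ignore the rest, so we do the same.
    """
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name not in policy:
            policy[name] = tokens[1:]
    return policy


def missing_directives(header: str) -> List[str]:
    """Return the required directives that are absent from the header.

    default-src is deliberately not treated as a fallback here, because the
    CSP specification excludes base-uri, form-action and frame-ancestors
    from its scope.
    """
    policy = parse_csp(header)
    return [name for name in REQUIRED if name not in policy]


def harden(header: str) -> str:
    """Return the header with any missing required directives appended."""
    policy = parse_csp(header)
    parts = [" ".join([name] + sources) for name, sources in policy.items()]
    for name, value in REQUIRED.items():
        if name not in policy:
            parts.append(f"{name} {value}")
    return "; ".join(parts)


if __name__ == "__main__":
    gaps = missing_directives(SAMPLE_CSP)
    print("Missing:", ", ".join(gaps) if gaps else "none")
    print("Hardened header:")
    print("Content-Security-Policy:", harden(SAMPLE_CSP))
```

Run it once against your current header to confirm the three gaps, then once against the hardened output to confirm the list is empty before deploying the change.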