What is the "CSP uses wildcards" check?

P1 · HighSecurity

CSP uses wildcards

CSP permits * sources

Code: csp_wildcard_source

CSP permits * sources. Browsers and users expect sites to be secure. Missing protections expose visitors to data theft, phishing, and loss of trust.

HTTPS certificate has expired

Certificate expires in < 7 days

Certificate expires in < 30 days

HTTP does not redirect to HTTPS

HTTPS page loads HTTP resources

Get a complete audit in under 2 minutes. No account required.