CSP Limits Recomendation

Hi WebAppSec List,

I'm looking for the recommendation in case of too many subdomains in the
CSP response header.
For example, when it's recommended to use *.example.com since the
example.com subdomains allowed are too many.
I double checked here https://www.w3.org/TR/CSP3/ but couldn't find
anything about it.

Best regards,
Ricardo Iramar

Received on Thursday, 17 October 2024 18:54:23 UTC