Host Papa "AU protection plus" OWASP scan reports vulnerabilities, please see attached screenprint. I have no idea about this stuff, is it an issue?
If the Content Security Policy (CSP) is set to wildcard (*), you can actually say that the CSP is not configured at all and is useless in this setting. The CSP configuration really depends on what you want to end up with â€” if you want it configured correctly, you will have to do a lot of hard work and keep track of it, but in most cases it is not really needed (but recommended).
Read about CSP on OWASP website https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html