Increased vulnerability to Cross-Site Request Forgery (CSRF) attacks.
Enable this setting. From Setup, enter "Session Settings" in the Quick Find box, then select Session Settings. Then enable "Enable Stricter Content Security Policy".
Time to fix
This rule is linked to CWE-1021: Improper Restriction of Rendered UI Layers or Frames.