no default src doesn't behave exactly like *
This page has a CSP header but an unknown directive. This should have no impact on an img loaded from a data: uri, or an inline script, although that would be blocked by a default-src policy of *.