no default src doesn't behave exactly like *
This page has a CSP header but an unknown directive.
This should have no impact on an img loaded from a data:
uri, or an inline script, although that would be blocked by a default-src policy of *.
Running, 1 complete, 1 remain