Does a *.example.com for a content security policy header also match example.com?

难免孤独 2021-01-08 00:51

Say I have this header set on mywebsite.com:

Content-Security-Policy: script-src self https://*.example.com

I know it will all

2 answers
  •  太阳男子
    2021-01-08 01:04

    According to Mozilla's docs you should include 'self' as well as *.example.com in the CSP header if you want to include the base domain.
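
Added example (not part of the original answer and not a browser's own code): a simplified JavaScript model of CSP source-list matching, showing that `*.example.com` needs at least one subdomain label and so does not cover `example.com`. The function names, the page origin and the script URLs are constructed for illustration; paths, explicit ports, nonces and hashes are not modelled.

```javascript
// Simplified CSP source-list check (added example, not a browser's implementation).
// Scope: 'self' and host-sources with scheme + host; paths and explicit ports are not modelled.

function hostMatches(pattern, host) {
  pattern = pattern.toLowerCase();
  host = host.toLowerCase();
  if (pattern.startsWith('*')) {
    // For "*.example.com" the remainder ".example.com" keeps its leading dot,
    // so the host must have at least one label in front of "example.com".
    return host.endsWith(pattern.slice(1));
  }
  return host === pattern;
}

function sourceMatches(expr, url, pageUrl) {
  // The quoted keyword 'self' means the protected page's own origin.
  if (expr === "'self'") return url.origin === pageUrl.origin;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?((?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)$/i.exec(expr);
  if (!m) return false; // other keywords, nonces and hashes are out of scope here
  // A scheme-less expression is compared against the page's scheme.
  const want = (m[1] || pageUrl.protocol.slice(0, -1)).toLowerCase();
  const got = url.protocol.slice(0, -1);
  // An http: expression also matches the https: upgrade of the same host.
  const schemeOk = got === want || (want === 'http' && got === 'https');
  // Without a port in the expression, only the scheme's default port matches.
  return schemeOk && url.port === '' && hostMatches(m[2], url.hostname);
}

function scriptAllowed(sourceList, scriptUrl, pageOrigin) {
  const url = new URL(scriptUrl);
  const pageUrl = new URL(pageOrigin);
  return sourceList.trim().split(/\s+/).some((e) => sourceMatches(e, url, pageUrl));
}

// Constructed inputs based on the question's policy.
const PAGE = 'https://mywebsite.com';
const WILDCARD_ONLY = "'self' https://*.example.com";
const WITH_BASE = "'self' https://example.com https://*.example.com";
```

In this model `'self'` only covers `https://mywebsite.com`, so the base domain has to be listed as its own source, as in `WITH_BASE`. The keyword needs its single quotes: an unquoted `self` is parsed as a host named `self`.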
