Incorrect Content Security Policy (CSP) Implementation

Severity: Information
Summary#

Invicti detected that CSP is implemented inside body tag.

Impact#

This usage is not supported and will be ignored by the browsers.

Remediation#

Declare CSP in HTTP headers or with meta tags inside head element instead of body.

Invicti

Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo