Incorrect Content Security Policy (CSP) Implementation

Severity: Information

Invicti detected that CSP is implemented inside body tag.


This usage is not supported and will be ignored by the browsers.


Declare CSP in HTTP headers or with meta tags inside head element instead of body.

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works