Incorrect Content Security Policy (CSP) Implementation Severity: Information Summary# Invicti detected that CSP is implemented inside body tag. Impact# This usage is not supported and will be ignored by the browsers. Remediation# Declare CSP in HTTP headers or with meta tags inside head element instead of body. Classifications# ISO27001-A.14.2.5, OWASP 2017-A6, OWASP 2013-A5, CWE-16, WASC-15 Further Reading# Content Security Policy (CSP) Explained Invicti Security Insights Using Content Security Policy (CSP) to secure web applications Remote Hardware Takeover via Vulnerable Admin Software The dangers of incorrect CSP implementations Leverage Browser Security Features to Secure Your Website Vulnerability Index You can search and find all vulnerabilities Select Category Critical High Medium Low Best Practice Information OR Search Vulnerability Tags CSP OWASP 2013-A5 OWASP 2017-A6 Related Vulnerabilities Insecure Transportation Security Protocol Supported (SSLv2) Insecure Transportation Security Protocol Supported (SSLv3) Open Policy Crossdomain.xml Detected Open Silverlight Client Access Policy Missing Content-Type Header