Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Incorrect Content Security Policy (CSP) Implementation

Severity: Information
Summary#

Invicti detected that CSP is implemented inside body tag.

Impact#

This usage is not supported and will be ignored by the browsers.

Remediation#

Declare CSP in HTTP headers or with meta tags inside head element instead of body.

Classifications#
, , , ,
Further Reading#
Invicti Security Insights

Select Category

OR

Search Vulnerability

Tags

OWASP 2013-A5 OWASP 2017-A6 CSP

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works