Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags

CVE: CVE-2003-0083, CVE-2003-0134, CVE-2003-0189, CVE-2003-0245
CWE: CWE-20

Summary

Content-Security-Policy-Report-Only cannot be declared between META tags.

Actions To Take

If you want to use one of the CSP in report only mode, you should declare it in response headers.

Classifications

OWASP 2013-A5, OWASP 2017-A6

Dead accurate, fast & easy-to-use Web Application Security Scanner

GET A DEMO