Content-Security-Policy-Report-Only cannot be declared between META tags.
If you want to use one of the CSP in report only mode, you should declare it in response headers.
You can search and find all vulnerabilities
Dead accurate, fast & easy-to-use Web Application Security Scanner
Netsparker Ltd 220 Industrial Blvd Ste 102Austin, TX 78745
© Netsparker 2021, by Invicti