Netsparker detected that CSP is implemented inside body tag.
This usage is not supported and will be ignored by the browsers.
Declare CSP in HTTP headers or with meta tags inside head element instead of body.
You can search and find all vulnerabilities
Dead accurate, fast & easy-to-use Web Application Security Scanner