Summary

Netsparker detected that the Content Security Policy (CSP) is declared inside the body tag.

Impact

Browsers do not support this usage and will ignore a CSP declared there.

Remediation

Declare the CSP in HTTP headers, or with meta tags inside the head element, instead of inside the body.
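
One way to check a response for this condition, as an added example that is not Netsparker's code. The names `CSPMetaLocator` and `audit_csp` and the sample pages are constructed for illustration, and the check assumes the page writes its head and body tags explicitly, because Python's `html.parser` does not infer omitted tags the way a browser does.

```python
from html.parser import HTMLParser

class CSPMetaLocator(HTMLParser):
    """Records which section each CSP <meta> tag appears in."""

    def __init__(self):
        super().__init__()
        self.section = None   # "head", "body", or None outside both
        self.found = []       # (section, policy) per CSP meta tag

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.section = tag
        elif tag == "meta":
            a = {k: (v or "") for k, v in attrs}
            if a.get("http-equiv", "").strip().lower() == "content-security-policy":
                self.found.append((self.section, a.get("content", "")))

    def handle_endtag(self, tag):
        if tag == self.section:
            self.section = None

def audit_csp(response_headers, html):
    """Return findings for one response: header dict plus HTML body text."""
    locator = CSPMetaLocator()
    locator.feed(html)
    # A CSP meta tag inside <body> is the condition this finding reports.
    findings = [
        "CSP meta tag in body: ignored by browsers"
        for section, _ in locator.found if section == "body"
    ]
    has_header = any(k.lower() == "content-security-policy" for k in response_headers)
    if not has_header and not any(s == "head" for s, _ in locator.found):
        findings.append("no effective CSP: use a response header or a meta tag in head")
    return findings

# Constructed sample pages (not taken from any real site).
POLICY = "default-src 'self'"
META = f'<meta http-equiv="Content-Security-Policy" content="{POLICY}">'
MISPLACED = f"<html><head><title>t</title></head><body>{META}<p>hi</p></body></html>"
FIXED = f"<html><head>{META}<title>t</title></head><body><p>hi</p></body></html>"

if __name__ == "__main__":
    for name, page in (("misplaced", MISPLACED), ("fixed", FIXED)):
        print(name, audit_csp({}, page))
```

When a CSP response header is also present, the misplaced tag is still reported, but the "no effective CSP" finding is not.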

Classifications
OWASP 2013-A5