Your regular expression extractor configuration is flaky. See JMeter's documentation on Regular Expressions
1. For extracting from response body it should be
2.For extracting from response header:
<meta name="csrf-token" content="(.+?)"/>
Make sure that "Field to check" is "Response Headers"
Use the following regex:
In both cases use $1$ as Template
For more information on bypassing CSRF protection in your JMeter tests see How to Load Test CSRF-Protected Web Sites guide.