https://community.cisco.com/t5/network-security/cscwo94394-remove-unsafe-directives-content-security-policy/m-p/5544803#M1124939 <P>Hi all,<BR />I’m trying to find out if bug CSCwo94394 (“Remove unsafe-inline and unsafe-eval directives from Content-Security-Policy header on VPN web server”) has been resolved in any released ASA version yet.<BR />We are currently running ASA 9.22(2) and our security vendor (SecurityScorecard) is flagging the broad CSP directives on the AnyConnect login page. The bug describes exactly our scenario.<BR />Does anyone know:<BR />1. Has this fix been released in any ASA interim or maintenance build?<BR />2. If not, is there an estimated target release?<BR />Any help appreciated. Thanks.</P> Sat, 11 Apr 2026 10:51:36 GMT wagner.cecato 2026-04-11T10:51:36Z https://community.cisco.com/t5/network-security/cscwo94394-remove-unsafe-directives-content-security-policy/m-p/5544803#M1124939 <P>Hi all,<BR />I’m trying to find out if bug CSCwo94394 (“Remove unsafe-inline and unsafe-eval directives from Content-Security-Policy header on VPN web server”) has been resolved in any released ASA version yet.<BR />We are currently running ASA 9.22(2) and our security vendor (SecurityScorecard) is flagging the broad CSP directives on the AnyConnect login page. The bug describes exactly our scenario.<BR />Does anyone know:<BR />1. Has this fix been released in any ASA interim or maintenance build?<BR />2. If not, is there an estimated target release?<BR />Any help appreciated. Thanks.</P> Sat, 11 Apr 2026 10:51:36 GMT https://community.cisco.com/t5/network-security/cscwo94394-remove-unsafe-directives-content-security-policy/m-p/5544803#M1124939 wagner.cecato 2026-04-11T10:51:36Z https://community.cisco.com/t5/network-security/cscwo94394-remove-unsafe-directives-content-security-policy/m-p/5544804#M1124940 <P>&nbsp;</P> <P>&nbsp; &nbsp;&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/305601">@wagner.cecato</a>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <EM>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &gt;....2. If not, is there an estimated target release?</EM><BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;The <STRONG>full</STRONG> bug report :&nbsp;<A href="https://bst.cisco.com/bugsearch/bug/CSCwo94394?rfs=qvred" target="_blank">https://bst.cisco.com/bugsearch/bug/CSCwo94394?rfs=qvred</A>&nbsp; &nbsp;has a&nbsp;<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; <STRONG>&nbsp;Fixed</STRONG> status but <FONT color="#FF6600"><EM>Known Fixed Releases is empty</EM></FONT>. That means that developers have&nbsp;<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;resolved the issue ; but it is not yet incorporated in production release for customers.<BR />&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Contact TAC to get an<STRONG> ETA</STRONG>&nbsp; <EM>(or ask for interim&nbsp; solution(version))</EM></P> <P>&nbsp; M.</P> Sat, 11 Apr 2026 11:27:28 GMT https://community.cisco.com/t5/network-security/cscwo94394-remove-unsafe-directives-content-security-policy/m-p/5544804#M1124940 Mark Elsen 2026-04-11T11:27:28Z