Amir Yusoff

Most likely, there is some kind of injection on the web page. Since the web server only accept return value of CSP to strict, the web server will drop any 'tampering'. Am I right?

It's kinda a tricky question. My production web server running on Outsystem at the front -end receive an error as below, Source CSPReport Message Content Security Policy blocked 'https://gc.kis.v2.scr.kaspersky-labs.com/FD126C42-EBFA-4E12-B309-BB3FDD723AC1/main.js?attr=6Bhssj4c9_yPKq6_BbVfBHV3CaLZqy6nyzCb_srXejD_V5sjzVAiwCGaq8osBhivkCJdHVmPpsDkPvWR897FjNPtByAgONX5cuiJPoTlZ5hqg-RSAT0d3yqRGN7SKK6dtdPa-p7mBSVR_FRSnp8JCfOFlt5F7ppTYy9hTRQ8JH-Z0UuSzcX-V2b7UdYPreUU8Ac3ZUVC9ah44vXmqjqpejJDfxypgFPaM2gzKjeTXg4'. I know this is related to CSP but for your information, there was no Kaspersky antivirus running on these servers. How do I confirmed if gc.kis.v2.scr.kaspersky-labs belong to Home Products maybe installed on the user side. Thank you