Forum Discussion
samstep
Sep 02, 2018Cirrocumulus
It depends on your ASM Policy. Several features in ASM depend on things like injecting JavaScript into responses which may potentially break the content from rendering in the browser (should not affect the tcpdump though).
Such features include Web Scraping, CSRF protection, device fingerprinting, Bot Defense / Client-Side Human User Indicator /CAPTCHA etc...
So instead of removing the ASM policy completely the recommendation is to switch off off the features and violations which may interfere with response first.
Also try your application with the most basic policy such as Rapid Deployment Template.
Also check Support Knowledge base, for example this article: