Forum Discussion
gsharri
Jul 11, 2014Altostratus
There are many features on ASM that inject javascript into responses:
1) Analytics profile on the virtual server tracking page load time
2) CSRF protection (as Sam pointed out)
3) Anomaly>Web Scraping feature
4) DoS protection profile using "client-side integrity defense" settings