UnveilScan

ANSSI Reco-WebSec §4.3

CSP without 'unsafe-eval'

UnveilScan findings mapped to this control

The scanner emits 1 distinct finding on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).

web.csp_unsafe_eval ⏱ 2h

WEB — CSP unsafe-eval

Risk if ignored: Dynamic code injection via eval / new Function succeeds. Libraries that use eval in prod (old Angular, Alpine) widen the hole.

security

Also maps to 1 other control