Forum Discussion
BinaryCanary_19
May 06, 2015Historic F5 Account
It's server-side response.
The solution says that: ASM modifies the response in order to insert the CSRF javascript, and it only does it for responses that contain tag
html
, and which are uncompressed.