[Info] CSP header allows unsafe-inline and unsafe-eval for scripts

## Description
Content-Security-Policy includes:
```
script-src 'self' 'unsafe-inline' 'unsafe-eval'
```

This weakens XSS protection since inline scripts and `eval()` are allowed.

## Context
Common for Next.js apps. Low priority but worth noting for security posture.

## Reference
https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy

## Severity
ℹ️ Info — noting for future improvement

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Info] CSP header allows unsafe-inline and unsafe-eval for scripts #26

Description

Context

Reference

Severity

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Info] CSP header allows unsafe-inline and unsafe-eval for scripts #26

Description

Description

Context

Reference

Severity

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions