The default templates of the current version of RSA Authentication Agent 7.1.4 for Web for Apache Web Server require adding:
script-src 'unsafe-inline'
in Content-Security-Policy.
Can you provide ultimate list of every inline scripts used (or their hashes) so sha256-XXXX can be used in order to disallow running not authorized inline scripts?