Symptoms ... AVR will inject JavaScript although it should not. ... Impact ... AVR can invalidate a response, by injecting JavaScript in a page that is not actually an HTML page. ... Conditions ... "Page Load Time" in analytic profile is turned on. ... Send HTTP request with content-type is text/html without the <head> tag. ... Workaround ... Fix Information ... AVR now checks the Content-Type and the existence of the <head> header in the body of a response, before inserting CSPM JavaScript, so that it only injects the CSPM JavaScript into appropriately formatted HTML documents. ... Behavior Change