Is there any fix for the CSP headers with the unsafe-inline and unsafe-eval parameters concerning XSS and clickjacking?
IDM 14.5.1
The CSP header was configured with the unsafe-eval and unsafe-inline directives.
Firstly, the IGA cannot support the CSP header without the unsafe-eval and unsafe-inline directives, even though configuring those two directives is not recommended.
If this vulnerability is reported, we suspect that the CSP was configured with those two directives; hence the scan might report the issue as a misconfiguration.
We do have an alternate defense mechanism in place in the application.
Reference Defect #DE610490
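The check below is an added example and is not code from the article or from the IDM product. It reproduces what a scanner looks at when it reports the finding above: it parses a Content-Security-Policy header value, applies the default-src fallback, and flags 'unsafe-inline' and 'unsafe-eval' in the effective script source list (the XSS-relevant part of the question) and a missing frame-ancestors directive (the clickjacking-relevant part). The two header values are constructed for illustration; the nonce value is a placeholder and neither header is taken from an IDM deployment.

```python
"""Flag the CSP settings a vulnerability scanner typically reports.

Added example; the header strings below are constructed samples,
not values taken from the IDM product or the referenced defect.
"""


def parse_csp(header):
    """Return {directive: [source, ...]} for a CSP header value.

    Directives are separated by ';', tokens by whitespace. When a
    directive appears twice, browsers keep the first one and ignore
    later copies, so the parser does the same.
    """
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        name, sources = tokens[0].lower(), tokens[1:]
        policy.setdefault(name, sources)
    return policy


def effective_sources(policy, directive):
    """Fetch directives such as script-src fall back to default-src."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src", [])


def review_csp(header):
    """Return a list of findings (strings) for one header value."""
    policy = parse_csp(header)
    findings = []

    scripts = [s.lower() for s in effective_sources(policy, "script-src")]
    if "'unsafe-inline'" in scripts:
        findings.append("script-src allows 'unsafe-inline'")
    if "'unsafe-eval'" in scripts:
        findings.append("script-src allows 'unsafe-eval'")

    # CSP only restricts framing through frame-ancestors; without it the
    # page relies on X-Frame-Options (if set) for clickjacking protection.
    if "frame-ancestors" not in policy:
        findings.append("frame-ancestors missing")
    return findings


# Constructed sample: the shape of policy the article describes.
WEAK_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'unsafe-inline' 'unsafe-eval'; "
    "style-src 'self' 'unsafe-inline'"
)

# Constructed sample of a stricter policy for comparison; the nonce is a
# placeholder and must be generated per response in a real deployment.
STRICT_CSP = (
    "default-src 'self'; "
    "script-src 'self' 'nonce-PLACEHOLDER'; "
    "frame-ancestors 'none'"
)

if __name__ == "__main__":
    for label, header in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        print(label, review_csp(header) or ["no findings"])
```

Run stand-alone it prints three findings for the weak policy and none for the strict one; the same `review_csp` function can be pointed at a header captured from any response to see exactly which part of the policy a scanner is reacting to.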