Besides the Content-Security-Policy header, there is the Content-Security-Policy-Report-Only header that is used to report violations against the CSP without blocking content.
We should implement a check for this header and send a hint to the user that he should consider using the Content-Security-Header instead.
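One way such a check could look, as an added example that is not the project's own code: it goes slightly beyond the request by also distinguishing the case where both headers are sent and the case where neither is. The function names, status strings and hint wording are assumptions.

```python
# Added example: function names, status strings and hint text are assumptions.
ENFORCE = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"


def _policies(headers, name):
    """Return the non-empty values of `name`; header names are case-insensitive."""
    return [v.strip() for k, v in headers
            if k.strip().lower() == name and v.strip()]


def check_csp_headers(headers):
    """Classify the CSP headers of one response.

    `headers` is a list of (name, value) pairs so repeated headers survive.
    Returns (status, hint); hint is None when nothing needs to be reported.
    """
    enforced = _policies(headers, ENFORCE)
    report_only = _policies(headers, REPORT_ONLY)

    if enforced and report_only:
        # An enforced policy is present; the report-only one is a trial policy.
        return "enforced+report-only", None
    if enforced:
        return "enforced", None
    if report_only:
        # The case from this issue: violations are reported, nothing is blocked.
        return "report-only", (
            "Content-Security-Policy-Report-Only only reports violations "
            "and does not block content; consider using "
            "Content-Security-Policy instead."
        )
    return "missing", "No Content-Security-Policy header is set."


if __name__ == "__main__":
    # Constructed sample response headers.
    sample = [
        ("Content-Type", "text/html"),
        ("content-security-policy-REPORT-ONLY",
         "default-src 'self'; report-uri /csp"),
    ]
    print(check_csp_headers(sample))
```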