CSP Reporting: How to Monitor Violations Without Breaking Your Site
You can’t fix what you can’t see. CSP reporting is how you see what’s happening with your Content Security Policy in production — without blocking anything. Think of it as a canary in a coal mine. The canary doesn’t prevent problems. It tells you about them early enough to do something about it. report-uri vs report-to There are two ways to receive CSP violation reports. Confusingly, they coexist and serve slightly different purposes. ...