2 comments

[ 2.8 ms ] story [ 9.0 ms ] thread
I have a strict CSP with report-URI on my blog, but all the reports I get are from obscure browser extensions injecting CSS and JS into my pages.
Yes that is one thing I have learned that there can be a lot of noise from these CSP violation reports. I have found that setting up some alerts for particular resources seems to help suppress some of the noise.