CSP Reporting
Content-Security-Policy: default-src 'self'; report-uri /CSP/CSPViolationReport
This page will try to embed the following script:
But it will fail and the browser will send a report to /CSP/CSPViolationReport. You can inspect this request in Fiddler.
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
But it will fail and the browser will send a report to /CSP/CSPViolationReport. You can inspect this request in Fiddler.