Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
HttpExtension: allow setup CSP in report only mode #135
The question is whether it makes sense to use the headers Content-Security-Policy and Content-Security-Policy-Report-Only (with different settings) together?
I think it has, a Report-Only header can be used to test a future revision to a policy without actually deploying it.