csp-report-only

The csp-report-only Element

since 10.3.0

Syntax:

<csp-report-only>true|false</csp-report-only>

[Default: false]

<system-config>
    <csp-enabled>true</csp-enabled>
    <csp-report-only>true</csp-report-only>
</system-config>

The csp-enabled property must be enabled to set csp-report-only. This will apply the Content-Security-Policy-Report-Only response header instead of Content-Security-Policy. In this mode, any violations of the CSP policy are reported in the console or on your report URL. This policy does not prevents resources from loading on the site, even if they fail the policy.

See full documentation entry.

Twitter Facebook LinkedIn