Intro to CSP report-to and report-URI HTTP headers
kevinpatel.xyzI have a strict CSP with report-URI on my blog, but all the reports I get are from obscure browser extensions injecting CSS and JS into my pages.
Yes that is one thing I have learned that there can be a lot of noise from these CSP violation reports. I have found that setting up some alerts for particular resources seems to help suppress some of the noise.