Sometimes it comes in handy to set your CSP (eg during dev) to report only by using the header : Content-Security-Policy-Report-Only
This won't block the resources, but will report in the console if you have potential issues. This comes in handy when you are adding it to a existing site.
Sometimes it comes in handy to set your CSP (eg during dev) to report only by using the header :
Content-Security-Policy-Report-OnlyThis won't block the resources, but will report in the console if you have potential issues. This comes in handy when you are adding it to a existing site.