CSP Report to report-uri.io
Content-Security-Policy: default-src 'self'; report-uri https://securenu.report-uri.com/r/d/csp/enforce
This will try to embed the following script but it will fail and a report will send to https://securenu.report-uri.com/r/d/csp/enforce.
You can inspect this with Fiddler
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
You can inspect this with Fiddler
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>