My site has been running a content-security-policy-report-only header for several months, during which time I have seen a number of violations for a domain which sh
content-security-policy-report-only
