[CSP] Additional report field: report-only: "true|false"

I'd like to propose adding a new field to the CSP reports: report-only.

It's [arguably] valuable to know whether or not the policy was
enforced when a given violation report is generated. Sometimes
policies are enforced for a percentage or defined subset of users (or
not at all), but there is no way to determine this from the report
without "smuggling" params in the report-uri.

As you can probably tell, I'm not entirely convinced this is even
worth while (like my status code proposal).

Received on Thursday, 26 June 2014 01:33:53 UTC