Automatically Filtering CSP Reports?

We turned on CSP reporting and we get a very large volume of open issues because of it. A very large number of them appear to be from extensions, such as:

errorBlocked ‘script’ from ‘b.adsfresh.men’

We get about 10 unique ones like this a day.

I’m really only interested in CSP reports that suggest misconfiguration, such as ones yelling about scripts/styles from our own domain or inline src. Is there a way we could regex filter these so they’re not so noisy?

1 Like