We turned on CSP reporting and we get a very large volume of open issues because of it. A very large number of them appear to be from extensions, such as:
errorBlocked ‘script’ from ‘b.adsfresh.men’
We get about 10 unique ones like this a day.
I’m really only interested in CSP reports that suggest misconfiguration, such as ones yelling about scripts/styles from our own domain or inline src. Is there a way we could regex filter these so they’re not so noisy?