Changes


Security/CSP/Specification

260 bytes removed, 23:37, 8 March 2010
Violation Report Syntax
==Violation Report Syntax==
 CSP supports a reporting mechanism that allows browsers to User Agents MUST notify content providers when their policy is violated. When a <tt>any provided report-uri</tt> is provided and a when its containing policy is violated, . These reports contain information about the protected resource and the violating content is , and MUST be transmitted to the any specified <tt>report-uri</tt> s via HTTP POST if available in the employed scheme, otherwise User Agents MUST choose an appropriate "submit" method is used. The user agent <i>must User Agents MUST not</i> honor redirection responses. Such a report is Reports MUST be an XML document containing the following fields:
; <tt>request</tt> : HTTP request line of the resource whose policy is violated (including method, resource, path, HTTP version)
; <tt>original-policy</tt> : The original policy as served in the X-Content-Security-Policy HTTP header (or if there were multiple headers, a comma separated list of the policies)
NOTE: in the case where a protected resource is not rendered because the <tt>frame-ancestors</tt> directive was violated, User Agents MUST not send <tt>blocked-uri</tt> is not sent and (it is assumed to be the same as the request URI. The reason for this is because this situation is different from other policy violations: no third-party content was blocked, rather the protected content elected not to load since it does not trust the sites that have enframed it).
Violation Report XML Schema:
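Review bot: The two prohibitions in the revised text are written "MUST not" (the redirection sentence in the opening paragraph, and "User Agents MUST not send <tt>blocked-uri</tt>" in the frame-ancestors NOTE). Since this edit converts the section to RFC 2119 style requirements, both should read "MUST NOT" so they are unambiguously normative alongside the other MUSTs. In the same paragraph, "otherwise User Agents MUST choose an appropriate "submit" method" places a MUST on behaviour the text does not define; either say what counts as appropriate for a non-HTTP scheme or use a weaker keyword. In the NOTE, the requirement and its rationale now share one parenthesised sentence; consider stating the requirement on its own and giving the explanation (no third-party content was blocked, so <tt>blocked-uri</tt> is taken to be the request URI) as a separate non-normative sentence.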