Changes


Security/CSP/Specification

302 bytes added, 00:10, 9 March 2010
Handling Parse Errors
==Handling Parse Errors==
A number of different problems may be encountered while parsing the CSP policy.
These parse errors are not <em>policy violations</em>, and any error messages caused by parse errors are separate from the violation report sites may elect to receive when their site's <em>policies are violated</em>, via the report-uri directive. Parse errors are only reported locally in the user agent.
User Agents SHOULD report parse errors locally in the user agent's error console.
;Unrecognized Directive: If an unrecognized directive (name not recognized) is encountered by a User Agent, the directive and its value are skipped (up to a semicolon or end of header, whichever is first) and the User Agent SHOULD report a warning message to the Error Console stating the unrecognized directive name.
;Unrecognized <tt>options</tt> token: If an unrecognized token is present in the <tt>options</tt> directive value, the User Agent MUST ignore it and SHOULD report a warning message to the Error Console stating the unrecognized token.
;Missing "allow": If the "allow" directive is not present, the User Agent SHOULD report a warning message to the Error Console and MUST assume the directive value "allow none" for the policy. The User Agent MUST enforce the rest of the policy as written (assuming no other policy errors are encountered).
;Directive Syntax Error: When any known directive contains a value that violates [[Security/CSP/Spec#Policy_Language_and_Syntax|CSP syntax]], the User Agent SHOULD report a warning message stating the invalid syntax to the Error Console AND MUST "fail closed" by enforcing the policy "allow none" for the protected document.
;No Recognized Directives: If no recognized directives are present in the stated policy, the User Agent SHOULD report a warning message to the Error Console stating "invalid policy" AND MUST enforce the policy "allow none" on the protected document.
;Other Parsing Errors: Any other parsing errors not covered here SHOULD cause the User Agent to enforce the policy "allow 'none'". If such a case should arise, the User Agent SHOULD report a descriptive error to the Error Console describing the problem.
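The parse-error rules above, sketched as a small parser (an added example, not part of the specification or of any user agent's implementation). The directive list in <tt>KNOWN</tt>, the <tt>options</tt> tokens and the <tt>SOURCE</tt> pattern are assumptions standing in for the full policy grammar, and <tt>parsePolicy</tt> is a hypothetical name.

```javascript
// Added example. KNOWN, OPTION_TOKENS and SOURCE are assumptions standing in
// for the full policy grammar; parsePolicy is a hypothetical name.
const KNOWN = new Set(["allow", "img-src", "script-src", "options", "report-uri"]);
const OPTION_TOKENS = new Set(["inline-script", "eval-script"]);
const SOURCE = /^[A-Za-z0-9*.'\-:\/]+$/; // simplified source-expression check
const failClosed = (warnings) => ({ policy: { allow: ["none"] }, warnings });

function parsePolicy(header) {
  const warnings = []; // local error-console messages, never sent to report-uri
  const policy = {};
  let recognized = 0;
  for (const part of header.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (!name) continue; // empty segment, e.g. a trailing ';'
    if (!KNOWN.has(name)) {
      // Unrecognized Directive: skip up to the next ';' and warn.
      warnings.push(`unrecognized directive: ${name}`);
      continue;
    }
    recognized++;
    if (name === "options") {
      // Unrecognized options token: drop only that token and warn.
      policy.options = values.filter((v) => {
        if (!OPTION_TOKENS.has(v)) warnings.push(`unrecognized options token: ${v}`);
        return OPTION_TOKENS.has(v);
      });
    } else if (name === "report-uri") {
      policy[name] = values;
    } else if (values.length === 0 || !values.every((v) => SOURCE.test(v))) {
      // Directive Syntax Error: fail closed for the whole document.
      warnings.push(`invalid syntax in ${name}`);
      return failClosed(warnings);
    } else {
      policy[name] = values;
    }
  }
  if (recognized === 0) {
    // No Recognized Directives: "invalid policy", enforce "allow none".
    warnings.push("invalid policy");
    return failClosed(warnings);
  }
  if (!policy.allow) {
    // Missing "allow": assume "allow none", keep the rest as written.
    warnings.push('missing "allow" directive, assuming "allow none"');
    policy.allow = ["none"];
  }
  return { policy, warnings };
}
```

Only a syntax error in a known directive or a policy with no recognized directives discards the rest of the policy; the other cases degrade one directive or token and keep enforcing what remains.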
=Non-Normative Client-Side Considerations=