You can report CSP violations to Sentry.
Within config/initializers/content_security_policy.rb:

Rails.application.configure do
  config.content_security_policy do |policy|
    # Settings for the policy
    policy.report_uri 'https://ooo4444bbb.ingest.de.sentry.io/api/ooo4444bbb/security/?sentry_key=ooo4444bbb'
  end
end

Replace the report_uri shown above with the one from your project settings under https://makandra-eu.sentry.io/settings/projects/<project-name>/security-headers/. Replace <project-name> with the actual name of the project.
Or navigate to it via the UI: Open your project -> Settings -> within the section "SDK Setup" click "Security Header".

Browser Extensions may spam you
For some large applications, browser extensions will create a lot of noise. Sentry offers basic support for filtering.
However, efficient filtering of CSP reports is still limited as of June 2025.
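
What extension noise looks like in the report payload, as an added example (not code from this card and not Sentry's filter): a classifier over the JSON body a browser sends to report_uri. The function names, hostnames and sample reports are constructed for illustration.

```ruby
require 'json'

# URL schemes browsers use for extension-owned resources.
EXTENSION_SCHEMES = %w[
  chrome-extension moz-extension safari-extension
  safari-web-extension ms-browser-extension
].freeze

# Browsers may shorten non-HTTP(S) URLs in reports to the bare scheme, so
# "chrome-extension" and "chrome-extension://id/x.js" must both match.
def report_scheme(value)
  value.to_s.split(':', 2).first.to_s.downcase
end

# raw_body: JSON sent to report_uri, i.e. { "csp-report": { ... } }.
def extension_noise?(raw_body)
  parsed = JSON.parse(raw_body)
  report = parsed.is_a?(Hash) ? parsed['csp-report'] : nil
  return false unless report.is_a?(Hash)

  %w[blocked-uri source-file].any? do |field|
    EXTENSION_SCHEMES.include?(report_scheme(report[field]))
  end
rescue JSON::ParserError
  false # keep malformed reports visible instead of dropping them
end

# Counts how many report bodies are extension noise vs. worth a look.
def summarize(bodies)
  noise, relevant = bodies.partition { |body| extension_noise?(body) }
  { noise: noise.size, relevant: relevant.size }
end

# Constructed sample reports (not real traffic).
SAMPLE_REPORTS = [
  { 'csp-report' => { 'document-uri' => 'https://app.example.com/',
                      'violated-directive' => 'script-src-elem',
                      'blocked-uri' => 'chrome-extension' } },
  { 'csp-report' => { 'document-uri' => 'https://app.example.com/',
                      'violated-directive' => 'style-src',
                      'blocked-uri' => 'inline',
                      'source-file' => 'moz-extension://constructed-id/content.js' } },
  { 'csp-report' => { 'document-uri' => 'https://app.example.com/',
                      'violated-directive' => 'script-src',
                      'blocked-uri' => 'https://cdn.example.net/widget.js' } }
].map(&:to_json) + ['not json']

p summarize(SAMPLE_REPORTS) if $PROGRAM_NAME == __FILE__
```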
You may also wish to have a look at our card on a reasonable CSP default.