<?php
header("Content-Security-Policy-Report-Only: script-src 'self'; report-uri resources/save-report.php?test=report-only-from-header.php");
?>
<script>
// This script block will trigger a violation report but shouldn't be blocked.
alert('PASS');
</script>
<script src="resources/go-to-echo-report.js"></script>