HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src 'none'; report-uri /report
Content-Length: 351

<!DOCTYPE html>
<html>
	<head>
		<title>CSP Demo</title>
	</head>
	<body>
		<a href="javascript:void(0)">Report CSP violation (unsafe-inline script)</a>
		<p>Should log:</p>
		<ul>
			<li><code>no options Object {...}</code></li>
			<li><code>requestBody Object {...}</code></li>
			<li><code>blocking Object {...}</code></li>
		</ul>
	</body>
</html>