Hi, I'm one of the interface admins at svwiki. I'd like to have CSP enforced at svwiki, or at least prevent external scripts from running, if full on CSP enforcement is deemed too controversial or too early. I'm not 100% sure how CSP configuration works. Is it possible to enforce prevention of external scripts while keeping everything else report-only? If so, then that might be a good start if people feel like blocking non-script external resources does more harm than help.