Request to support more sources than only 'style, frame, script'. Good source for CSP reference is https://report-uri.com/. Looking to have an option to add additional sources + setting CSP to report-only and not immediately 'Active'.

Some examples include:

object-src 'none';

frame-ancestors

worker-src

font-src

img-src

connect-src

report-uri