What's the point of CSP anyway?
Somebody please help me understand:
CSP reports tell the website owner if malicious scripts have been injected. They don't alert the user; they only alert the website owner (for instance, Equifax). Isn't that right?
If that's true, what's the point of those reports? 99% of big websites won't care (if only because CSP messes with ad delivery I guess). Those who might care (the potential victims) don't get to see those violation reports anyway if I got it right (at least not before it's too late anyway). So, what's the point in CSP?