Is there a way to validate incoming reports sent to the report-uri? How can I trust the sender of a report if anybody can see the report-uri in the headers, send custom reports, and abuse this endpoint?

In most cases the received report is sent to the administrator's email or definitely saved to some log file, csp.log.

I implemented very strict rules on what a CSP report must look like, but my concern is still that one day I will receive a couple of hundred emails and find bloated log files.

briiC
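One way to bound what forged reports can do to csp.log and the administrator's inbox, added here as an example and not part of the original question: treat every report as untrusted input, throttle per client, check its shape strictly, and record each distinct violation once per time window. The function name, the limits and the host `www.example.com` are assumptions.

```python
import hashlib
import json
import time
from urllib.parse import urlsplit

# All limits and hostnames below are assumptions for the example.
MAX_BODY = 8 * 1024                  # largest report body accepted, in bytes
ALLOWED_HOSTS = {"www.example.com"}  # hosts whose pages send reports here
REQUIRED = ("document-uri", "violated-directive", "blocked-uri")
LIMIT, WINDOW = 20, 60.0             # requests per client IP per WINDOW seconds

_clients = {}   # client IP -> timestamps of recent requests
_seen = {}      # violation fingerprint -> time it was last logged


def accept_report(client_ip, content_type, body, now=None):
    """Return (accepted, reason); only accepted reports go to csp.log or email."""
    now = time.time() if now is None else now
    # Throttle per client first; rejected requests count against the limit too.
    recent = [t for t in _clients.get(client_ip, []) if now - t < WINDOW]
    _clients[client_ip] = recent
    if len(recent) >= LIMIT:
        return False, "rate-limited"
    recent.append(now)
    if content_type.split(";")[0].strip().lower() != "application/csp-report":
        return False, "content-type"
    if len(body) > MAX_BODY:
        return False, "too-large"
    try:
        report = json.loads(body)["csp-report"]
        fields = [report[k] for k in REQUIRED]
    except (ValueError, KeyError, TypeError, RecursionError):
        return False, "malformed"
    if not all(isinstance(f, str) for f in fields):
        return False, "schema"
    try:
        host = urlsplit(fields[0]).hostname
    except ValueError:
        host = None
    if host not in ALLOWED_HOSTS:
        return False, "foreign-document"
    # Log each distinct violation once per window so repeats cannot bloat the log.
    key = hashlib.sha256("\x00".join(fields).encode("utf-8", "replace")).hexdigest()
    if now - _seen.get(key, float("-inf")) < WINDOW:
        return False, "duplicate"
    _seen[key] = now
    return True, "ok"
```

State is kept in process memory here; with several workers it would have to live in a shared store with expiry.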

0 Answers