I&#39;ll say +1 for this generally b/c I think it could provide helpful info, but would like to know more about if there is anything other than CSP that fits here ... <br><br><div class="gmail_quote">On Wed, Jun 9, 2010 at 10:29 AM, Colin Watson <span dir="ltr">&lt;<a href="mailto:colin.watson@owasp.org">colin.watson@owasp.org</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Suggestion to add a new detection point.  Has this already been ruled<br>
out?  Should it be added?  Is the description/categorization suitable?<br>
<br>
Source<br>
-----------------------------------<br>
[Owasp-appsensor-project] AppSensor Feedback/Ideas, Sat Nov 21 13:32:39 EST 2009<br>
<a href="https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000008.html" target="_blank">https://lists.owasp.org/pipermail/owasp-appsensor-project/2009-November/000008.html</a><br>
<br>
Description<br>
-----------------------------------<br>
The application receives a report of client-side policy exceptions<br>
(e.g. Firefox Content Security Policy violation report<br>
<a href="https://wiki.mozilla.org/Security/CSP/Specification#Violation_Report_Syntax" target="_blank">https://wiki.mozilla.org/Security/CSP/Specification#Violation_Report_Syntax</a>).<br>
<br>
Suggested categorization<br>
-----------------------------------<br>
In the suggested new category &quot;Reputation&quot; (see RP1 Suspicious User IP Address)<br>
RP3 Suspicious Client-Side Behavior<br>
_______________________________________________<br>
Owasp-appsensor-project mailing list<br>
<a href="mailto:Owasp-appsensor-project@lists.owasp.org">Owasp-appsensor-project@lists.owasp.org</a><br>
<a href="https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project" target="_blank">https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project</a><br>
</blockquote></div><br>