Have django-csp working in report only mode on application deployed on aws using gunicorn/nginx. No reported issues in dev or prod except when clients log into their work computers to work remotely. Using a secured remote desktop session (I can recreate accessing production web using browser running in vm). I get nothing but errors and warnings about hosted page injection.