The following CSP directive violation is reported:
(csp-report)
(
(document-uri) => https://mysite.com/my-page/
(referrer) => https://www.google.com/
(violated-directive) => img-src
(effective-directive) => img-src
(original-policy) => img-src 'self' https://various.uris <but NOT https://www.tailwindapp.com>
(disposition) => enforce
(blocked-uri) => https://www.tailwindapp.com/app/extensions/Tailwind_swoosh.png
(line-number) => 4
(column-number) => 31488
(source-file) => https://mysite.com/wp-includes/js/jquery/jquery.js
(status-code) => 0
(script-sample) =>
)
If I understand correctly, this means that a visitor to my-page was referred from Google search and in the course of viewing that page the file https://www.tailwindapp.com/app/extensions/Tailwind_swoosh.png was blocked. But I cannot understand how there was any attempt to display that file. It is certainly not directly referenced anywhere in my-page. The script https://mysite.com/wp-includes/js/jquery/jquery.js is not corrupted and makes no reference to that file. Nor does it appear in any other file or database for my site.
So, how can I figure out why there was any attempt to display that file in the first place?