Cross-Origin Read Blocking

If you&#x27;re interested in cross origin information leaks and defenses against them (including Cross Origin Read Blocking), I highly recommend this short 7 page summary by Artur Janc and Mike West from Google:<p><a href="https:&#x2F;&#x2F;www.arturjanc.com&#x2F;cross-origin-infoleaks.pdf" rel="nofollow">https:&#x2F;&#x2F;www.arturjanc.com&#x2F;cross-origin-infoleaks.pdf</a>

Will we be able to report errors using the upcoming report-to header? I didn&#x27;t see a report mechanism listed, but like with hpkp and cors I would like those errors to.be reporteable

Does anyone have good additional links? I don&#x27;t understand the risk of delivering an HTML document to. script tag src?