Adding a new CSP directive

Report-uri seems to be depricated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
Instead we want to use both, report-uri and report-to, to be future proof and backward compatible.

• Is the directive supported by any user agent? If so, which?
  https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to

• Chrome
• Edge
• Opera

• What does it do?
  Used to substitute report-uri.

• What are the valid values for the directive?
  Content-Security-Policy: report-to ;