Content-Security-Policy & Expect-CT headers need report-uri support
This option is a standard part of these headers, and makes it easier to track violations/make sure they are configured correctly. a report-uri:
config key in the :https_security
section of prod.secret.exs ought to do this.