Created attachment 472095 [details] No CSP error is expected from the test page; uncomment the last paragrpah to force an expected CSP error I have a CSS @font-face definition, which includes a unicode-range that doesn’t match any characters in the page. The page has a CSP that blocks all font-src loading. On page load, the browser throws a CSP exception error, even though the font file isn’t (yet) needed, and hasn’t loaded. My understanding from https://www.w3.org/TR/CSP3/#framework-violation is that there needs to be a request association with a violation, but in this case there hasn’t been one, so a violation shouldn’t be issued (at least until the page changes to violate the CSP). Firefox works in the way I’d expect: no CSP exception is issued until a character is added to the page that matches the @font-face’s unicode-range. Blink acts in the same was as WebKit.