HTMLUnit does not appear to support most of Content-Security-Policy.
Previously requested in https://sourceforge.net/p/htmlunit/feature-requests/259/, which was closed as resolved, but it seems most of Content-Security-Policy remains unimplemented. In some local testing using HTMLUnit through jenkins-test-harness, tests asserting that CSP violations are not reported pass with only HTMLUnit navigating to affected pages, but fail when I set a breakpoint and navigate to the same URL in Firefox. Looking through reasons for the linked issue to be closed, it seems 56bd6c3 implements a small subset of Content-Security-Policy, but nothing related to the various *-src directives, or report-uri.
Use case: I want tests to fail if Content-Security-Policy violations (e.g., unsafe-inline scripts) are encountered.