diff --git a/.changeset/khaki-suits-talk.md b/.changeset/khaki-suits-talk.md
new file mode 100644
index 000000000..bc30bcecb
--- /dev/null
+++ b/.changeset/khaki-suits-talk.md
@@ -0,0 +1,5 @@
+---
+"io-services-cms-backoffice": patch
+---
+
+only track csp violations
diff --git a/apps/backoffice/next.config.js b/apps/backoffice/next.config.js
index b5d5e51e4..4c04af083 100644
--- a/apps/backoffice/next.config.js
+++ b/apps/backoffice/next.config.js
@@ -33,9 +33,9 @@ const nextConfig = {
 source: "/((?!api|_next/static|_next/image|favicon.ico).*)",
 headers: [
 {
- key: "Content-Security-Policy",
+ key: "Content-Security-Policy-Report-Only",
 value:
- "default-src 'self'; img-src https://iopstcdnassets.blob.core.windows.net https://selfcare.pagopa.it"
+ "report-to /csp-reports default-src 'self'; frame-src 'none'; object-src 'none'; img-src https://iopstcdnassets.blob.core.windows.net https://selfcare.pagopa.it"
 }
 ]
 }
diff --git a/apps/backoffice/src/app/api/csp-reports/route.ts b/apps/backoffice/src/app/api/csp-reports/route.ts
new file mode 100644
index 000000000..b04a0307f
--- /dev/null
+++ b/apps/backoffice/src/app/api/csp-reports/route.ts
@@ -0,0 +1,18 @@
+import { NextRequest, NextResponse } from "next/server";
+import * as ai from "applicationinsights";
+
+export async function POST(
+ nextRequest: NextRequest,
+ nextResponse: NextResponse
+) {
+ const jsonBody = await nextRequest.json();
+
+ ai.defaultClient.trackException({
+ exception: new Error(JSON.stringify(jsonBody)),
+ severity: ai.Contracts.SeverityLevel.Warning
+ });
+
+ return new Response("Success!", {
+ status: 200
+ });
+}
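Review bot: The new policy string in next.config.js has no `;` after `report-to /csp-reports`, so `default-src 'self'` is parsed as extra tokens of the `report-to` directive and the policy ends up with no `default-src` at all; browsers will also report nothing, because `report-to` takes a reporting group name declared in a `Reporting-Endpoints`/`Report-To` header, not a URL, and the handler added in this commit appears to be served at `/api/csp-reports` (App Router `src/app/api/csp-reports/route.ts`), not `/csp-reports`. The simplest working form uses `report-uri` with the real path: `"default-src 'self'; frame-src 'none'; object-src 'none'; img-src https://iopstcdnassets.blob.core.windows.net https://selfcare.pagopa.it; report-uri /api/csp-reports"`. If `report-to` is preferred, add a matching `Reporting-Endpoints: csp-reports="/api/csp-reports"` header alongside it. Note that the `source` regex on the first context line already excludes `/api` paths, so the report endpoint itself will not carry the header, which is the desired behaviour. The enclosing `nextConfig` object begins and ends outside this hunk.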
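Review bot: `POST` in route.ts is an unauthenticated endpoint that parses an unbounded, unvalidated body and raises a `trackException` for every request: a malformed body makes `nextRequest.json()` throw (a 500 instead of a 400), anyone can fill Application Insights with arbitrary "exceptions" of any size, and a missing telemetry setup makes `ai.defaultClient` undefined and crashes the handler. Wrap the parse in try/catch, cap the stored payload, guard the client, and record the violation as a trace or event rather than an exception so real exceptions stay visible; a 204 is the conventional reply for a reporting endpoint. The second parameter typed as `NextResponse` is also misleading — in App Router route handlers the second argument is a route context object, not a response — and it is unused here, so drop it (the `NextResponse` import then becomes unused as well). Reports arrive with content types such as `application/csp-report` or `application/reports+json`; `Request.json()` ignores the content type, so parsing still works, but it is worth a comment.
```typescript
export async function POST(nextRequest: NextRequest) {
  // Unauthenticated input: browsers post application/csp-report or
  // application/reports+json bodies; treat the payload as untrusted.
  let report: unknown;
  try {
    report = await nextRequest.json();
  } catch {
    return new Response(null, { status: 400 });
  }

  // Trace, not exception: keeps real exceptions distinguishable, and cap the
  // stored size so the endpoint cannot be used to flood telemetry.
  ai.defaultClient?.trackTrace({
    message: "csp-violation",
    severity: ai.Contracts.SeverityLevel.Warning,
    properties: { report: JSON.stringify(report).slice(0, 8192) }
  });

  return new Response(null, { status: 204 });
}
```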