Add support for Content-Security-Policy-Report-Only mode #605
Description
Is your feature request related to a problem? Please describe.
I'm using this library to manage CSP headers, and I need to enable report-only mode. However, the library does not seem to support replacing the Content-Security-Policy header with Content-Security-Policy-Report-Only. This makes it difficult to test policies without enforcing them.
Describe the solution you'd like
It would be great if the library provided an option to switch to report-only mode, automatically replacing Content-Security-Policy with Content-Security-Policy-Report-Only when enabled.
Describe alternatives you've considered
Manually modifying the response headers after they are set by the library, but this is not ideal.
Using a different middleware for CSP management, but I prefer to keep using this library.
Additional context
This feature would be useful for safely testing CSP rules before enforcing them in production. Let me know if I can provide more details!
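
The manual workaround listed under the alternatives, as an added example (not code from the library or from the issue author): a WSGI middleware that renames every enforcing `Content-Security-Policy` header to `Content-Security-Policy-Report-Only` and flags policies that would report nowhere. Python/WSGI is an assumption, since the issue does not name the library's language; `ReportOnlyCSP`, `to_report_only`, `has_reporting` and the sample headers are hypothetical.

```python
"""Rename enforcing CSP headers to report-only at the WSGI layer."""

ENFORCE = "content-security-policy"
REPORT_ONLY = "Content-Security-Policy-Report-Only"


def has_reporting(policy):
    """True if the policy names a report-uri or report-to directive."""
    names = {part.split()[0].lower() for part in policy.split(";") if part.strip()}
    return bool(names & {"report-uri", "report-to"})


def to_report_only(headers):
    """Return (new_headers, warnings) for a list of (name, value) pairs."""
    out, warnings = [], []
    for name, value in headers:
        # Header names are case-insensitive; a response may carry several.
        if name.lower() == ENFORCE:
            if not has_reporting(value):
                warnings.append("policy has no report-uri/report-to: " + value)
            out.append((REPORT_ONLY, value))
        else:
            # Everything else, including an existing Report-Only header, is kept.
            out.append((name, value))
    return out, warnings


class ReportOnlyCSP:
    """WSGI middleware (hypothetical name) wrapping an app that sets CSP."""

    def __init__(self, app, enabled=True, log=print):
        self.app, self.enabled, self.log = app, enabled, log

    def __call__(self, environ, start_response):
        def patched(status, headers, exc_info=None):
            if self.enabled:
                headers, warnings = to_report_only(headers)
                for w in warnings:
                    self.log(w)
            return start_response(status, headers, exc_info)
        return self.app(environ, patched)


# Constructed sample response headers, not taken from the issue.
SAMPLE = [("Content-Type", "text/html"),
          ("content-security-policy", "default-src 'self'; report-uri /csp"),
          ("Content-Security-Policy", "script-src 'none'")]
```

With `enabled=False` the wrapped application's headers pass through untouched, so the same deployment can move from report-only to enforcing by flipping one setting.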