diff --git a/services/web/app/src/infrastructure/CSP.js b/services/web/app/src/infrastructure/CSP.js
index 3354deee67..b21526a520 100644
--- a/services/web/app/src/infrastructure/CSP.js
+++ b/services/web/app/src/infrastructure/CSP.js
@@ -3,6 +3,7 @@ const path = require('path')

 module.exports = function ({
 reportUri,
+ reportPercentage,
 reportOnly = false,
 exclude = [],
 percentage
@@ -29,7 +30,10 @@ module.exports = function ({
 `base-uri 'none'`
 ]

- if (reportUri) {
+ // enable the report URI for a percentage of CSP-enabled requests
+ const belowReportCutoff = Math.random() * 100 <= reportPercentage
+
+ if (reportUri && belowReportCutoff) {
 directives.push(`report-uri ${reportUri}`)
 // NOTE: implement report-to once it's more widely supported
 }
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index 4d42b0764b..9c9dee96ff 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -736,6 +736,7 @@ module.exports = settings =
 percentage: parseFloat(process.env.CSP_PERCENTAGE) || 0
 enabled: process.env.CSP_ENABLED == 'true'
 reportOnly: process.env.CSP_REPORT_ONLY == 'true'
+ reportPercentage: parseFloat(process.env.CSP_REPORT_PERCENTAGE) || 0
 reportUri: process.env.CSP_REPORT_URI
 exclude: [
 'app/views/project/editor',
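Review bot: `reportPercentage` is the only destructured option in this hunk without a default, so a caller that passes `reportUri` but omits the new option ends up evaluating `Math.random() * 100 <= undefined`, which is always false, and the report-uri directive silently disappears. If existing callers are meant to keep reporting, default it to 100, `reportPercentage = 100,`; if reporting is meant to become opt-in, default it to 0 and say so next to the parameter, e.g. `// share (0-100) of CSP responses that carry report-uri; 0 disables reporting`. Either way the module signature should document the unit, since `percentage` just below it is also a 0-100 value and the two are easy to confuse. The function's body continues past this hunk.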
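Review bot: `Math.random() * 100 <= reportPercentage` does not mean "never" at 0, because `Math.random()` can return exactly 0; the conventional form is a strict comparison, `const belowReportCutoff = Math.random() * 100 < reportPercentage`. Nothing here clamps `reportPercentage` to 0-100 or rejects NaN, and NaN makes the comparison false, so a malformed value silently turns reporting off rather than failing loudly; a one-line guard or at least a comment stating the expected range would help. It is also worth noting in the comment that when `reportOnly` is true (presumably a Report-Only header is emitted elsewhere in this function), a response outside the sample carries a policy that can neither block nor report, so the effective coverage becomes `percentage × reportPercentage`. `Math.random()` is acceptable here since sampling which responses report is not security-sensitive. The enclosing function starts before this hunk and continues after it.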
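Review bot: Defaulting `CSP_REPORT_PERCENTAGE` to 0 means any deployment that already sets `CSP_REPORT_URI` stops receiving CSP violation reports as soon as this ships, with no error or log line, until the new variable is also set. If that is intended, a comment beside the setting should say so, e.g. `# 0-100: share of CSP responses that include report-uri; defaults to 0, so CSP_REPORT_URI alone no longer sends reports`; otherwise default to 100 to preserve current behaviour. As with `CSP_PERCENTAGE` above, `parseFloat(...) || 0` also maps a typo such as `CSP_REPORT_PERCENTAGE=ten` to 0 silently and accepts values outside 0-100, so a small clamp or a startup warning would make misconfiguration visible instead of quietly disabling reporting.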