CSP blocks user-agent defined inline style – user agent should use stylesheet instead
Reported by aidantwo...@gmail.com, Jun 3 2016
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Example URL: https://www.aidanwoods.com/api/blog

Steps to reproduce the problem:
1. Visit a URL in which the browser will style based on Content-Type, that also has a CSP policy disallowing inline styles
2. Open the browser JS console/network requests
3. Observe that a CSP violation has occurred resulting from UA behaviour

What is the expected behavior?
User-agent applied styling should be exempt from CSP violations (not necessarily true for extensions, but the browser defaults should be). E.g. Chrome will allow its own user agent stylesheets to bypass the CSP origin whitelist.

What went wrong?
Chrome's styling was applied with the expectation of unsafe-inline being allowed by CSP, or not set. The result is that unneeded CSP violation reports are sent to the site owner.

Does it occur on multiple sites: Yes
Is it a problem with a plugin? No
Did this work before? N/A
Does this work in other browsers? No
Safari 9.1.1 (likely prior versions too), OSX

Chrome version: 50.0.2661.102 Channel: stable
OS Version: OS X 10.11.5
Flash Version: Shockwave Flash 21.0 r0

Recommended action: use user-agent defined stylesheets to apply default styling when displaying non-HTML content-type responses, using injected HTML from the user agent.
Jun 6 2016
Removing Blink>CSS as this is down to CSP, not the CSS/Style engine.
Jun 6 2016
Just a remark on that: I'd think that the most sensible solution would be to move away from the inline style usage, rather than making changes to CSP. CSP really does do the correct thing by blocking inline style. And moving to stylesheet is an easy fix. As a reference, Firefox implements JSON formatting with stylesheet only.
Feb 14 2017

Nov 10 2017

Feb 18 2018
Comment 1 by dtapu...@chromium.org, Jun 3 2016