function get(payload, headers) {
  var candidateBlockedURI = extractBlockedURI(payload);

  // The protected resource is the resource that the CSP is applied to. This can be a lot of things, but typically will
  // refer to the main HTML for a webpage. Here, the assumption is made that the protected resource is the request