diff --git a/testing/web-platform/tests/content-security-policy/reporting/report-frame-ancestors-no-parent-cookies.sub.html b/testing/web-platform/tests/content-security-policy/reporting/report-frame-ancestors-no-parent-cookies.sub.html
new file mode 100644
index 000000000000..b500811c070d
--- /dev/null
+++ b/testing/web-platform/tests/content-security-policy/reporting/report-frame-ancestors-no-parent-cookies.sub.html
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>Cookies are not sent on cross origin violation reports for
+      frame-ancestors violations, even if the report-uri is same-origin
+      with the embedder.</title>
+    <meta name="timeout" content="long">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+    fetch(
+      "/cookies/resources/set-cookie.py?name=cspViolationReportCookie1&path=" +
+        encodeURIComponent("/"),
+      {mode: 'no-cors', credentials: 'include'})
+    .then(() => {
+
+      const iframe = document.createElement('iframe');
+      const searchParams = new URLSearchParams();
+      let reportId = "{{$id:uuid()}}";
+      searchParams.set("reportID", reportId);
+      searchParams.set("reportUriBase", "http://{{host}}:{{ports[http][0]}}");
+      iframe.src = "http://{{domains[www1]}}:{{ports[http][0]}}/" +
+        "content-security-policy/reporting/support/not-embeddable-frame.py?" +
+        searchParams.toString();
+      document.body.appendChild(iframe);
+    });
+</script>
+<script async defer src='../support/checkReport.sub.js?reportField=violated-directive&reportValue=frame-ancestors%20%27none%27&noCookies=true&reportID={{$id}}'></script>
+
+</body>
+</html>
diff --git a/testing/web-platform/tests/content-security-policy/reporting/support/not-embeddable-frame.py b/testing/web-platform/tests/content-security-policy/reporting/support/not-embeddable-frame.py
index 9e65b4243590..be7e635ac245 100644
--- a/testing/web-platform/tests/content-security-policy/reporting/support/not-embeddable-frame.py
+++ b/testing/web-platform/tests/content-security-policy/reporting/support/not-embeddable-frame.py
@@ -5,6 +5,7 @@ def main(request, response):
 
     csp_header = b'Content-Security-Policy-Report-Only' \
         if request.GET.first(b'reportOnly', None) == b'true' else b'Content-Security-Policy'
-    headers.append((csp_header, b"frame-ancestors 'none'; report-uri /reporting/resources/report.py?op=put&reportID=" + request.GET[b'reportID']))
+    report_uri_base = request.GET.first(b'reportUriBase', b'')
+    headers.append((csp_header, b"frame-ancestors 'none'; report-uri " + report_uri_base + b"/reporting/resources/report.py?op=put&reportID=" + request.GET[b'reportID']))
 
     return headers, b'{}'