
Kyfast/report to directive

Open KyFaSt opened this issue 2 months ago • 2 comments

All PRs:

  • [x] Has tests
  • [ ] Documentation updated

Adding a new header (Reporting-Endpoints)

Is the header supported by any user agent? Yes - Chrome 116+, Edge 116+, Opera 102+ (via Reporting API)

What does it do? Defines HTTP reporting endpoints for CSP violations and other security/performance reports using the HTTP Reporting API

What are the valid values? Comma-separated pairs of [name="url"] where url must be HTTPS (e.g., csp-violations="https://example.com/reports")

Where does the specification live? MDN Reporting-Endpoints and MDN report-to directive

Adding a new CSP directive (report-to)

Is the directive supported by any user agent? Yes - Chrome 69+, Edge 79+, Firefox 110+, Safari 15.1+

What does it do? Specifies a named reporting endpoint (defined via Reporting-Endpoints header) where CSP violations should be reported, replacing or complementing report-uri

What are the valid values? A single string endpoint name (e.g., report-to csp-violations), must match a name defined in the Reporting-Endpoints header

KyFaSt, Nov 07 '25 14:11
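
The two rules in the description (endpoint URLs must be HTTPS, and the `report-to` name must match a name defined in `Reporting-Endpoints`) can be checked against a response's headers as follows. This is an added example, not code from the pull request or the secure_headers gem; the helper names and the sample header values are assumptions made for illustration.

```ruby
require "uri"

# Dictionary key grammar from RFC 8941 (Structured Field Values).
ENDPOINT_NAME = /[a-z*][a-z0-9_.*-]*/

# Parse a Reporting-Endpoints value into { name => url }.
# Simplified: handles name="url" members only, ignores parameters.
def parse_reporting_endpoints(value)
  pairs = value.to_s.scan(/(?:\A|,)\s*(#{ENDPOINT_NAME})="((?:[^"\\]|\\.)*)"/)
  pairs.to_h { |name, url| [name, url.gsub(/\\(.)/, '\1')] }
end

# Return the endpoint name of the CSP report-to directive, or nil.
def csp_report_to(csp)
  csp.to_s.split(";").each do |directive|
    name, value = directive.strip.split(/\s+/, 2)
    return value.to_s.strip if name.to_s.downcase == "report-to"
  end
  nil
end

# List the problems in one response's reporting configuration.
def reporting_problems(headers)
  endpoints = parse_reporting_endpoints(headers["Reporting-Endpoints"])
  problems = endpoints.filter_map do |name, url|
    uri = URI.parse(url) rescue nil
    next if uri.is_a?(URI::HTTPS) && uri.host
    "endpoint #{name} is not an HTTPS URL: #{url}"
  end
  target = csp_report_to(headers["Content-Security-Policy"])
  if target && !endpoints.key?(target)
    problems << "report-to #{target} has no matching Reporting-Endpoints entry"
  end
  problems
end

# Constructed sample responses (not taken from the pull request).
GOOD = {
  "Reporting-Endpoints" => 'csp-violations="https://example.com/reports"',
  "Content-Security-Policy" => "default-src 'self'; report-to csp-violations",
}.freeze
BAD = {
  "Reporting-Endpoints" => 'csp-violations="http://example.com/reports"',
  "Content-Security-Policy" => "default-src 'self'; report-to csp-endpoint",
}.freeze

puts reporting_problems(GOOD).inspect if __FILE__ == $PROGRAM_NAME
puts reporting_problems(BAD).inspect if __FILE__ == $PROGRAM_NAME
```

A `report-to` name with no matching endpoint produces no browser error, so violation reports are silently dropped; a check like this in a test suite or a response linter catches the mismatch before deployment.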