We're looking for a person or people to help audit MDN to find places we could speed up. Is this you or someone you know? Check out the RFP: https://mzl.la/2IHcMiE



The Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin. 

Content-Security-Policy: ...; report-to groupname


The directive has no effect in and of itself, but only gains meaning in combination with other directives.

CSP version 1
Directive type Reporting directive
This directive is not supported in the <meta> element.


Content-Security-Policy: report-to=<json-field-value>;


See Content-Security-Policy-Report-Only for more information and examples.

Report-To: { "group": "csp-endpoint",
             "max-age": 10886400,
             "endpoints": [
               { "url": "https://example.com/csp-reports" }
             ] },
           { "group": "hpkp-endpoint",
             "max-age": 10886400,
             "endpoints": [
               { "url": "https://example.com/hpkp-reports" }
             ] }
Content-Security-Policy: ...; report-to=csp-endpoint


report-To: { "group": "endpoint-1",
             "max-age": 10886400,
             "endpoints": [
               { "url": "https://example.com/reports" },
               { "url": "https://backup.com/reports" }
             ] } 

Content-Security-Policy: ...; report-to=endpoint-1


Browser compatibility

The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support No No No No No No
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support No No No No No No ?

See also


Document Tags and Contributors

 Contributors to this page: venkat_reddy
 Last updated by: venkat_reddy,