Permissions-Policy: attribution-reporting

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header attribution-reporting directive controls whether the current document is allowed to use the Attribution Reporting API.

Specifically, where a defined policy blocks the use of this feature:

Background attributionsrc requests won't be made.
The XMLHttpRequest.setAttributionReporting() method will throw an exception when called.
The attributionReporting option, when included on a fetch() call, will cause it to throw an exception.
Registration headers (Attribution-Reporting-Register-Source and Attribution-Reporting-Register-Trigger) in HTTP responses on associated documents will be ignored.

Syntax

http

Permissions-Policy: attribution-reporting=<allowlist>;

<allowlist>: A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for attribution-reporting is *.

Specifications

Specification
Attribution Reporting # permission-policy-integration

Browser compatibility

BCD tables only load in the browser

See also