CSP: report-to

The HTTP Content-Security-Policy (CSP) report-to directive instructs the user agent to report CSP violations to the endpoint provided in a group of the Report-To HTTP header.

Content-Security-Policy: ...; report-to groupname

This directive has no effect on its own; it only takes on meaning when combined with other directives.

CSP version: 1
Directive type: Reporting directive
This directive is not supported in the <meta> element.

Syntax

Content-Security-Policy: report-to <json-field-value>;

Examples

See Content-Security-Policy-Report-Only for more information and examples.

Report-To: { "group": "csp-endpoint",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/csp-reports" }
              ] },
            { "group": "hpkp-endpoint",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/hpkp-reports" }
              ] }

Content-Security-Policy: ...; report-to csp-endpoint

Report-To: { "group": "endpoint-1",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/reports" },
                { "url": "https://backup.com/reports" }
              ] }

Content-Security-Policy: ...; report-to endpoint-1
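
The report-to directive only delivers reports when its group name matches a group defined in the Report-To header. The following check is an added example, not part of the original page; the function names and messages are hypothetical, and it assumes the Reporting API rules that "group" defaults to "default", that max_age is required, and that endpoints must be https.

```javascript
// Added example (not MDN's code); function names and messages are hypothetical.

// Report-To is a JSON field value: comma-separated JSON objects, so wrapping
// the header value in [ ] gives a parseable JSON array.
function parseReportTo(headerValue) {
  const groups = new Map();
  for (const entry of JSON.parse(`[${headerValue}]`)) {
    groups.set(entry.group ?? "default", entry); // "group" defaults to "default"
  }
  return groups;
}

// Return the group token of the report-to directive, or null if absent.
function cspReportToGroup(cspValue) {
  for (const directive of cspValue.split(";")) {
    const [name, ...values] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "report-to") return values[0] ?? null;
  }
  return null;
}

// List problems in how the policy's report-to group is defined.
function checkReporting(cspValue, reportToValue) {
  const group = cspReportToGroup(cspValue);
  if (group === null) return ["CSP has no report-to directive"];
  let groups;
  try {
    groups = parseReportTo(reportToValue ?? "");
  } catch {
    return ["Report-To could not be parsed"];
  }
  const def = groups.get(group);
  if (!def) return [`group "${group}" is not defined in Report-To`];
  const issues = [];
  if (!Number.isInteger(def.max_age) || def.max_age < 0) issues.push("max_age missing or invalid");
  const endpoints = Array.isArray(def.endpoints) ? def.endpoints : [];
  if (endpoints.length === 0) issues.push("group has no endpoints");
  for (const ep of endpoints) {
    if (!String(ep?.url).startsWith("https://")) issues.push(`endpoint is not https: ${ep?.url}`);
  }
  return issues;
}

// Constructed sample: the second Report-To example above with a full policy.
const REPORT_TO = `{ "group": "endpoint-1", "max_age": 10886400,
  "endpoints": [ { "url": "https://example.com/reports" },
                 { "url": "https://backup.com/reports" } ] }`;
console.log(checkReporting("default-src 'self'; report-to endpoint-1", REPORT_TO)); // []
```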

Browser compatibility


See also