List of CSP reporting directives
- Instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP
POSTrequest to the specified URI.
report-todirective is intended to replace the deprecated
report-toisn’t supported in most browsers yet. So for compatibility with current browsers while also adding forward compatibility when browsers get
report-tosupport, you can specify both
Content-Security-Policy: ...; report-uri https://endpoint.example.com; report-to groupname
In browsers that support
report-uridirective will be ignored.
- Fires a