CSP: report-to
Content-Security-Policy
の Report-To
は HTTP のレスポンスヘッダーフィールドで、ユーザーエージェントにオリジンの報告先のエンドポイントを保存するよう指示します。
http
Content-Security-Policy: …; report-to groupname
このディレクティブは単体では効果がありませんが、他のディレクティブとの組み合わせでのみ意味を持ちます。
構文
http
Content-Security-Policy: report-to <json-field-value>;
例
詳しい情報や例は、 Content-Security-Policy-Report-Only
を参照してください。
http
Report-To: { "group": "csp-endpoint",
"max_age": 10886400,
"endpoints": [
{ "url": "https://example.com/csp-reports" }
] },
{ "group": "hpkp-endpoint",
"max_age": 10886400,
"endpoints": [
{ "url": "https://example.com/hpkp-reports" }
] }
Content-Security-Policy: …; report-to csp-endpoint
http
Report-To: { "group": "endpoint-1",
"max_age": 10886400,
"endpoints": [
{ "url": "https://example.com/reports" },
{ "url": "https://backup.com/reports" }
] }
Content-Security-Policy: …; report-to endpoint-1
http
Reporting-Endpoints: endpoint-1="https://example.com/reports"
Content-Security-Policy: …; report-to endpoint-1
仕様書
Specification |
---|
Content Security Policy Level 3 # directive-report-to |
ブラウザーの互換性
Report problems with this compatibility data on GitHubdesktop | mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
report-to |
Legend
Tip: you can click/tap on a cell for more information.
- Full support
- Full support
- No support
- No support
- User must explicitly enable this feature.
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.