CSP: `report-to` directive - Chrome Platform Status

Feature: CSP: `report-to` directive

The `report-to` directive wires CSP violation reports up to the Reporting API which allows the browser to bundle multiple reports when sending them to the server rather than creating a POST for each individual report. This allows reports to be collected in a way that is friendlier for users' batteries. This change also deprecates the existing `report-uri` directive.

Documentation

https://w3c.github.io/reporting/

Specification

Specification link

Status: Specification currently under development in a Working Group

Status in Chromium

Blink components: Blink>SecurityFeature

Implementation status: Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Safari: No signal
Web Developers: No signals

Owners

mkwst@chromium.org
andypaicu@chromium.org

Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-12-13