CSP: `report-to` directive

Security

The `report-to` directive wires CSP violation reports up to the Reporting API which allows the browser to bundle multiple reports when sending them to the server rather than creating a POST for each individual report. This allows reports to be collected in a way that is friendlier for users' batteries. This change also deprecates the existing `report-uri` directive.

Documentation

Specification

Working draft or equivalent

Status in Chromium

Blink>SecurityFeature


Enabled by default (tracking bug) in:

  • Chrome for desktop release 69
  • Chrome for Android release 69
  • Chrome for iOS release 69
  • Android WebView release 69

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No public signals
  • Public support
  • No public signals
  • No signals

Owners

Intent to Prototype url

Intent to Prototype thread

Last updated on 2019-09-30