CSP reporting directives are used in a Content-Security-Policy header and control the reporting process of CSP violations.
List of CSP reporting directives
report-uri- Instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP
POSTrequest to the specified URI.Though the
report-todirective is intended to replace the deprecatedreport-uridirective,report-toisn’t supported in most browsers yet. So for compatibility with current browsers while also adding forward compatibility when browsers getreport-tosupport, you can specify bothreport-uriandreport-to:Content-Security-Policy: ...; report-uri https://endpoint.example.com; report-to groupname
In browsers that support
report-to, thereport-uridirective will be ignored. report-to- Fires a
SecurityPolicyViolationEvent.