W3cubDocs

/HTTP

CSP: report-to

The Content-Security-Policy Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.

Content-Security-Policy: …; report-to groupname

The directive has no effect in and of itself, but only gains meaning in combination with other directives.

This directive is not supported in the `<meta>` element.
CSP version	1
Directive type	Reporting directive

Syntax

Content-Security-Policy: report-to <json-field-value>;

Examples

See Content-Security-Policy-Report-Only for more information and examples.

Report-To: { "group": "csp-endpoint",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/csp-reports" }
              ] },
            { "group": "hpkp-endpoint",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/hpkp-reports" }
              ] }
Content-Security-Policy: …; report-to csp-endpoint

Report-To: { "group": "endpoint-1",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/reports" },
                { "url": "https://backup.com/reports" }
              ] }

Content-Security-Policy: …; report-to endpoint-1

Reporting-Endpoints: endpoint-1="https://example.com/reports"

Content-Security-Policy: …; report-to endpoint-1

Specifications

Specification
Content Security Policy Level 3 # directive-report-to

Browser compatibility

	Desktop						Mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	WebView Android	Chrome Android	Firefox for Android	Opera Android	Safari on IOS	Samsung Internet
`report-to`	70	79	No	No	No	No	70	70	No	No	No	10.0

CSP: report-to

CSP: report-to

Syntax

Examples

Specifications

Browser compatibility

See also