Deprecated: This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.
The deprecated HTTP
report-uri directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
Warning: Though the
report-to directive is intended to replace the deprecated
report-to isn't supported in most browsers yet. So for compatibility with current browsers while also adding forward compatibility when browsers get
report-to support, you can specify both
Content-Security-Policy: …; report-uri https://endpoint.com; report-to groupname
In browsers that support
report-uri directive will be ignored.
The directive has no effect in and of itself, but only gains meaning in combination with other directives.
|Directive type||Reporting directive|
| This directive is not supported in the |