Splits the reporting cache into a per-document cache for document-generated reports, and the existing cache for network reports. There is currently a single reporting cache per profile, which means that reports from unrelated documents can potentially be sent in a single request. This also introduces the Reporting-Endpoints HTTP response header for non-persistent configuration of document-generated reports.

Motivation

In order to mitigate privacy concerns with the Reporting API, several changes have been made to the spec: Per-document reports (such as policy violation reports or deprecation repots) have been separated from network reports (such as network error logging) and should be cached separately. This avoids an issue where reports from unrelated documents could be sent together, potentially allowing a users actions on separate sites to be correlated. To avoid creating a persistent cookie or tracking identifier for per-document reports, the existing persistent Report-To header is being replaced with a new Reporting-Endpoints header, which affects only the document it is returned with.

Specification

Editor's draft

Status in Chromium

Internals>Network>ReportingAndNEL


In development (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Last updated on 2021-07-08