The `report-to` directive wires CSP violation reports up to the Reporting API which allows the browser to bundle multiple reports when sending them to the server rather than creating a POST for each individual report. This allows reports to be collected in a way that is friendlier for users' batteries. This change also deprecates the existing `report-uri` directive.

Documentation

Specification

Specification link


Specification currently under development in a Working Group

Status in Chromium

Blink>SecurityFeature


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • Positive
  • No signal
  • No signals

Owners

Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-09-24