Compare Revisions

Content-Security-Policy-Report-Only

Revision 1141699 by fscholz on November 11, 2016 at 5:35:26 AM PST

Revision 1141701 by fscholz on November 11, 2016 at 5:37:38 AM PST

Title:

Content-Security-Policy-Report-Only

Slug:

Web/HTTP/Headers/Content-Security-Policy-Report-Only

Tags:

"CSP" "HTTP" "header" "Reference" "Security"

"CSP" "HTTP" "Reference" "Security" "header"

Comment:

new page

Content:

	Revision 1141699			Revision 1141701
n	48	The same directives the {{HTTPHeader("Content-Security-Head	n	48	The directives of the {{HTTPHeader("Content-Security-Policy
	>	er")}} uses can be applied to <code>Content-Security-Policy-Repor		>	")}} header can also be applied to <code>Content-Security-Policy-
	>	t-Only</code>.		>	Report-Only</code>.
n	54	This header reports violations that would have occured. You	n	54	This header reports violations that would have occurred. Yo
	>	can use this to iteratively work on your content security policy		>	u can use this to iteratively work on your content security polic
	>	. You observe how your site behaves, watching for violation repor		>	y. You observe how your site behaves, watching for violation repo
	>	ts, then choose the desired policy enforced by the {{HTTPHeader("		>	rts, then choose the desired policy enforced by the {{HTTPHeader(
	>	Content-Security-Header")}}.		>	"Content-Security-Policy")}} header.
t	60	If you still want to receive reporting, but also want to en	t	60	If you still want to receive reporting, but also want to en
	>	force a policy, use the {{HTTPHeader("Content-Security-Header")}}		>	force a policy, use the {{HTTPHeader("Content-Security-Policy")}}
	>	with the {{CSP("report-uri")}} directive.		>	header with the {{CSP("report-uri")}} directive.