Revision 1143169 of CSP: report-uri

  • Revision slug: Web/HTTP/Headers/Content-Security-Policy/report-uri
  • Revision title: CSP: report-uri
  • Revision id: 1143169
  • Created:
  • Creator: fscholz
  • Is current revision? No
  • Comment

Revision Content

{{HTTPSidebar}}

The HTTP {{HTTPHeader("Content-Security-Policy")}} report-uri directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.

The directive has no effect in and of itself, but only gains meaning in combination with other directives.

CSP version: 1
Directive type: {{Glossary("Reporting directive")}}
This directive is not supported in the {{HTMLElement("meta")}} element.

Syntax

Content-Security-Policy: report-uri <uri>;
<uri>
The URI to which the user agent POSTs the report.

Examples

See {{HTTPHeader("Content-Security-Policy-Report-Only")}} for more information and examples.

Content-Security-Policy: default-src https:; report-uri /csp-violation-report-endpoint/
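
A receiving endpoint for the header above, as an added example that is not part of the original page. It treats each report as untrusted input, since anyone can POST to the URI. The `application/csp-report` content type and the `csp-report` wrapper key come from the CSP specification rather than this page; the size cap, port, field list and function names are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

ENDPOINT = "/csp-violation-report-endpoint/"  # path from the example header
MAX_BODY = 16 * 1024                          # assumed size cap for one report
FIELDS = ("document-uri", "referrer", "blocked-uri", "violated-directive",
          "effective-directive", "original-policy", "status-code")
# Constructed sample body; "injected" is not a report field and must be dropped.
SAMPLE = (b'{"csp-report": {"document-uri": "https://example.com/page",'
          b' "blocked-uri": "http://example.com/a.js\\nforged log line",'
          b' "violated-directive": "default-src https:", "injected": "x"}}')

def parse_csp_report(content_type, body):
    """Validate an untrusted report; keep known fields, minus control chars."""
    if content_type.split(";")[0].strip().lower() != "application/csp-report":
        raise ValueError("unexpected Content-Type")
    if len(body) > MAX_BODY:
        raise ValueError("report too large")
    try:
        doc = json.loads(body.decode("utf-8"))
    except (ValueError, RecursionError) as exc:  # bad UTF-8, bad or deep JSON
        raise ValueError("body is not valid JSON") from exc
    report = doc.get("csp-report") if isinstance(doc, dict) else None
    if not isinstance(report, dict):
        raise ValueError("missing csp-report object")
    clean = {}
    for key in FIELDS:
        value = report.get(key)
        if isinstance(value, (str, int)) and not isinstance(value, bool):
            clean[key] = "".join(c for c in str(value) if c.isprintable())[:2048]
    return clean

class ReportHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", ""))
            if self.path != ENDPOINT or not 0 < length <= MAX_BODY:
                raise ValueError("bad path or length")
            report = parse_csp_report(self.headers.get("Content-Type", ""),
                                      self.rfile.read(length))
        except ValueError:
            self.send_error(400)
            return
        print(json.dumps(report))  # replace with the site's own logging
        self.send_response(204)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), ReportHandler).serve_forever()
```

Stripping control characters before logging keeps a crafted `blocked-uri` from writing extra lines into the log, and the field allow-list keeps unexpected keys out of downstream tooling.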

Specifications

Specification | Status | Comment
{{specName("CSP 3.0", "#directive-report-uri", "report-uri")}} | {{Spec2('CSP 3.0')}} | No changes.
{{specName("CSP 1.1", "#directive-report-uri", "report-uri")}} | {{Spec2('CSP 1.1')}} | Initial definition.

Browser compatibility

{{Compat("http/headers/content-security-policy", "report-uri")}}

See also

  • {{HTTPHeader("Content-Security-Policy")}}
  • {{HTTPHeader("Content-Security-Policy-Report-Only")}}

Revision Source

<div>{{HTTPSidebar}}</div>

<p>The HTTP {{HTTPHeader("Content-Security-Policy")}} <code><strong>report-uri</strong></code> directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.</p>

<p>The directive has no effect in and of itself, but only gains meaning in combination with other directives.</p>

<table class="properties">
 <tbody>
  <tr>
   <th scope="row">CSP version</th>
   <td>1</td>
  </tr>
  <tr>
   <th scope="row">Directive type</th>
   <td>{{Glossary("Reporting directive")}}</td>
  </tr>
  <tr>
   <th colspan="2" scope="row">This directive is not supported in the {{HTMLElement("meta")}} element.</th>
  </tr>
 </tbody>
</table>

<h2 id="Syntax">Syntax</h2>

<pre class="syntaxbox">
Content-Security-Policy: report-uri &lt;uri&gt;;</pre>

<dl>
 <dt>&lt;uri&gt;</dt>
 <dd>The URI to which the user agent POSTs the report.</dd>
</dl>

<h2 id="Examples">Examples</h2>

<p>See {{HTTPHeader("Content-Security-Policy-Report-Only")}} for more information and examples.</p>

<pre>
Content-Security-Policy: default-src https:; report-uri /csp-violation-report-endpoint/</pre>

<h2 id="Specifications">Specifications</h2>

<table class="standard-table">
 <tbody>
  <tr>
   <th scope="col">Specification</th>
   <th scope="col">Status</th>
   <th scope="col">Comment</th>
  </tr>
  <tr>
   <td>{{specName("CSP 3.0", "#directive-report-uri", "report-uri")}}</td>
   <td>{{Spec2('CSP 3.0')}}</td>
   <td>No changes.</td>
  </tr>
  <tr>
   <td>{{specName("CSP 1.1", "#directive-report-uri", "report-uri")}}</td>
   <td>{{Spec2('CSP 1.1')}}</td>
   <td>Initial definition.</td>
  </tr>
 </tbody>
</table>

<h2 id="Browser_compatibility">Browser compatibility</h2>

<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>

<p>{{Compat("http/headers/content-security-policy", "report-uri")}}</p>

<h2 id="See_also">See also</h2>

<ul>
 <li>{{HTTPHeader("Content-Security-Policy")}}</li>
 <li>{{HTTPHeader("Content-Security-Policy-Report-Only")}}</li>
</ul>