CSP: `report-to` directive

Category: Security
Type: New or changed feature
Status: Enabled by default (Chrome 69)
Intent stage: Prepare to ship

Summary

The `report-to` directive wires CSP violation reports up to the Reporting API which allows the browser to bundle multiple reports when sending them to the server rather than creating a POST for each individual report. This allows reports to be collected in a way that is friendlier for users' batteries. This change also deprecates the existing `report-uri` directive.

Standards & signals

Specification: https://w3c.github.io/webappsec-csp/#directive-report-to
Firefox: No signal
Safari: No signal
Web developers: No signals
Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=726634

Docs: https://w3c.github.io/reporting/

Explainers: https://w3c.github.io/webappsec-csp/#directive-report-to

View on chromestatus.com