Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
mohamedkhallouq
GitHub Repository: mohamedkhallouq/content
 Path: blob/main/files/en-us/web/http/headers/content-security-policy/report-to/index.md
6568 views
---
title: "CSP: report-to"
slug: Web/HTTP/Headers/Content-Security-Policy/report-to
browser-compat: http.headers.Content-Security-Policy.report-to
---

{{HTTPSidebar}}

The Content-Security-Policy Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.

Content-Security-Policy: …; report-to groupname

The directive has no effect in and of itself, but only gains meaning in combination with other directives.

CSP version 1
Directive type {{Glossary("Reporting directive")}}
This directive is not supported in the {{HTMLElement("meta")}} element.

Syntax

Content-Security-Policy: report-to <json-field-value>;

Examples

See {{HTTPHeader("Content-Security-Policy-Report-Only")}} for more information and examples.

Report-To: { "group": "csp-endpoint",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/csp-reports" }
              ] },
            { "group": "hpkp-endpoint",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/hpkp-reports" }
              ] }
Content-Security-Policy: …; report-to csp-endpoint

Report-To: { "group": "endpoint-1",
              "max_age": 10886400,
              "endpoints": [
                { "url": "https://example.com/reports" },
                { "url": "https://backup.com/reports" }
              ] }

Content-Security-Policy: …; report-to endpoint-1

Reporting-Endpoints: endpoint-1="https://example.com/reports"

Content-Security-Policy: …; report-to endpoint-1

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also

  • {{HTTPHeader("Content-Security-Policy")}}

  • {{HTTPHeader("Content-Security-Policy-Report-Only")}}