The reporting API

Explore the Reporting API and how it enables web developers to receive browser reports on security issues like CSP violations using HTTP headers. Understand its benefits, implementation, and tools like report-uri.com to enhance your web application’s security monitoring.

We'll cover the following...

- - 🔑 report-uri.com
- Testing your security posture
- Stateful HTTP: managing sessions with cookies

In late 2018, Chrome rolled out a new feature to help web developers manage browser reports of exceptions. Amongst the issues that can be managed with the reporting API there are security ones, like CSP or feature-policy violations.

In a nutshell, the reporting API allows a website to advertise to the browser a particular URL it expects to receive reports to. With the Report-To header, a server can inform the browser to hand violations over at a particular URL.

Report-To: {
  "max_age": 86400,
  "endpoints": [{
    "url": "https://report.example.com/errors"
  }]
}

This API is still ...

1.Introduction

2.Understanding The Browser

3.HTTP

4.Protection through HTTP Headers

5.HTTP Cookies

6.Situationals

7.DDoS Attacks

8.Bug Bounty Programs

9.Conclusion

Project

The reporting API