The reporting API

In this lesson, we'll study the reporting API.

In late 2018, Chrome rolled out a new feature to help web developers manage browser reports of exceptions. Amongst the issues that can be managed with the reporting API there are security ones, like CSP or feature-policy violations.

In a nutshell, the reporting API allows a website to advertise to the browser a particular URL it expects to receive reports to. With the Report-To header, a server can inform the browser to hand violations over at a particular URL.

Report-To: {
  "max_age": 86400,
  "endpoints": [{
    "url": "https://report.example.com/errors"
  }]
}
...