Canmove, confirm
120
edits
Changes
→Directives
;report-uri:
* Instructs the browser where to send a report when CSP is violated.
* The report will be an XML document JSON object with MIME type application/xml json sent via POST to the specified URI contained in the value of this directive.
* Acceptable report URIs MUST use the scheme and port as the protected content, and the [http://publicsuffix.org public suffix] and most general DNS label of the protected content and the report URI must match. For example www.foo.co.uk and reports.foo.co.uk, but not reports.bar.co.uk. Relative URIs are acceptable, and are resolved within the same scheme, host and port as the document served with the CSP.
* User Agents MUST send violation reports to any acceptable URIs in this directive. Details about the information provided in violation reports are found in the [[#Violation Report Syntax|Violation Report Syntax]] section.
