The HTTP Content-Security-Policy (CSP) report-uri directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.
The directive has no effect in and of itself, but only gains meaning in combination with other directives.
| CSP version | 1 |
|---|---|
| Directive type | Reporting directive |
This directive is not supported in the <meta> element. | |
Content-Security-Policy: report-uri <uri>;
See Content-Security-Policy-Report-Only for more information and examples.
Content-Security-Policy: default-src https:; report-uri /csp-violation-report-endpoint/
| Specification | Status | Comment |
|---|---|---|
| Content Security Policy Level 3 The definition of 'report-uri' in that specification. | Editor's Draft | No changes. |
| Content Security Policy Level 2 The definition of 'report-uri' in that specification. | Candidate Recommendation | Initial definition. |
| Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | Servo |
|---|---|---|---|---|---|---|---|
| Basic Support | 25 | 14 | 23.0 | No support | 15 | 7 | ? |
| Feature | Android | Chrome for Android | Edge Mobile | Firefox for Android | IE Mobile | Opera Mobile | Safari Mobile |
|---|---|---|---|---|---|---|---|
| Basic Support | 4.4 | (Yes) | ? | 23.0 | No support | ? | 7.1 |
© 2005–2017 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri