A Content Security Policy (CSP) report is a mechanism used in web development and security to monitor and enforce rules about what content can be loaded and executed on a website.
The HTTP Content-Security-Policy response header allows website administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints.
The HTTP Reporting-Endpoints response header allows website administrators to specify one or more endpoints that can receive reports generated by the Reporting API.
When a browser detects a violation of the CSP rules, for example when an unauthorized script tries to run, it sends a violation report to the endpoint named by the policy's report-uri or report-to directive, if one is configured. These reports are sent as JSON objects and typically include:
The violated directive
The blocked URL
The source file and line number
The user agent
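The report fields listed above arrive in one of two JSON shapes depending on whether report-uri or report-to delivered them. The following is an added example, not code from the original page: a small receiver-side parser that normalises both shapes into flat rows and tallies them by directive and blocked URL, which is the view a defender wants when deciding whether a policy is ready to enforce. The sample reports are constructed; field names follow the CSP and Reporting API specifications.

```python
import json
from collections import Counter

# Added example: normalise both CSP report wire formats into flat rows.
# legacy report-uri -> one object under "csp-report" (Content-Type application/csp-report);
# report-to / Reporting API -> JSON array of reports, "type": "csp-violation", details in "body"
# (Content-Type application/reports+json). Field names follow the specs; values are constructed.

LEGACY_REPORT = json.dumps({"csp-report": {
    "document-uri": "https://example.com/page",
    "violated-directive": "script-src 'self'",
    "effective-directive": "script-src",
    "blocked-uri": "https://cdn.example.net/widget.js",
    "source-file": "https://example.com/page",
    "line-number": 42,
}})

REPORTING_API_BATCH = json.dumps([
    {"type": "csp-violation", "age": 12, "url": "https://example.com/page",
     "user_agent": "Mozilla/5.0 (constructed)",
     "body": {"documentURL": "https://example.com/page",
              "effectiveDirective": "script-src", "blockedURL": "inline",
              "sourceFile": "https://example.com/page", "lineNumber": 7,
              "disposition": "report"}},
    {"type": "deprecation", "age": 3, "url": "https://example.com/page", "body": {}},
])

def parse_csp_reports(raw: str, user_agent: str = "") -> list[dict]:
    """Return one flat dict per CSP violation, whichever format the browser used."""
    data = json.loads(raw)
    rows = []
    if isinstance(data, dict) and "csp-report" in data:
        r = data["csp-report"]
        rows.append({"directive": r.get("effective-directive") or r.get("violated-directive", ""),
                     "blocked": r.get("blocked-uri", ""), "source": r.get("source-file", ""),
                     "line": r.get("line-number"), "ua": user_agent,
                     "disposition": r.get("disposition", "enforce")})
    elif isinstance(data, list):
        for rep in data:
            if rep.get("type") != "csp-violation":
                continue  # a Reporting API batch may carry other report types too
            b = rep.get("body", {})
            rows.append({"directive": b.get("effectiveDirective", ""),
                         "blocked": b.get("blockedURL", ""), "source": b.get("sourceFile", ""),
                         "line": b.get("lineNumber"), "ua": rep.get("user_agent", user_agent),
                         "disposition": b.get("disposition", "enforce")})
    return rows

def summarize(rows: list[dict]) -> Counter:
    """Count violations by (directive, blocked) so noisy sources stand out before enforcing."""
    return Counter((r["directive"], r["blocked"]) for r in rows)
```

For the legacy format the user agent is not inside the JSON, so pass the request's User-Agent header as the second argument.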
CSP reports enable you to:
Monitor potential threats without breaking functionality.
Debug and refine CSP rules before enforcing them.
Gain visibility into how third-party content behaves on your site.
For more details on setting up CSP reporting, see the Content Security Policy (CSP) documentation available online.