CSP: report-to The Content-Security-Policy Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin. http Content-Security-Policy : …; report-to groupname The directive has no effect in and of itself, but only gains meaning in combination with other directives. CSP version 1 Directive type Reporting directive This directive is not supported in the <meta> element. Syntax http Content-Security-Policy : report-to <json-field-value>; Examples See Content-Security-Policy-Report-Only for more information and examples. http Report-To : { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "https://example.com/csp-reports" } ] }, { "group": "hpkp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "https://example.com/hpkp-reports" } ] } Content-Security-Policy : …; report-to csp-endpoint http Report-To : { "group": "endpoint-1", "max_age": 10886400, "endpoints": [ { "url": "https://example.com/reports" }, { "url": "https://backup.com/reports" } ] } Content-Security-Policy : …; report-to endpoint-1 http Reporting-Endpoints : endpoint-1="https://example.com/reports" Content-Security-Policy : …; report-to endpoint-1 Specifications Specification Content Security Policy Level 3 # directive-report-to Browser compatibility BCD tables only load in the browser with JavaScript enabled. Enable JavaScript to view data. See also Content-Security-Policy Content-Security-Policy-Report-Only