You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
You already support the report-to attribute at CSP. However, this attribute accepts key from Report-To header like shown in this site in examples: developer.mozilla.org.
NEL Header is already supported by Chrome on all platforms including Android, but I understand your opinion about adding it when it becomes working draft.
You already support the
report-to
attribute at CSP. However, this attribute accepts key fromReport-To
header like shown in this site in examples: developer.mozilla.org.What do you think about adding the possibility to set the
Report-To
standalone header as well? It can report more issues with your site, see https://docs.report-uri.com/setup/reporting-api/.And maybe add NEL Header too? This is not really security header but can help with debugging bad HTTPS certificate etc https://report-uri.com/products/network_error_logging
What do you think about those headers? At least Report-To header could be useful, otherwise, the
report-to
attribute at CSP is useless.The text was updated successfully, but these errors were encountered: