The csp-report-uri Element

since 10.3.0

Syntax:

<csp-report-uri>receiver_endpoint</csp-report-uri>

[Default: null]

<system-config>
    <csp-enabled>true</csp-enabled>
    <csp-report-only>true</csp-report-only>
    <csp-report-uri>/csp-violations</csp-report-uri>
</system-config>

Requires both csp-enabled and csp-report-only. With this element set, the Content-Security-Policy-Report-Only response header is applied. In this mode, violations of the policy are only reported in the console. Additionally, a report is sent to the endpoint specified in csp-report-uri. This policy does not prevent resources from loading on the site, even if they fail the policy.
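An added example (not part of the original documentation or the product's own code) of validating and tallying the reports that a receiver at the configured endpoint gets. It assumes the header carries the report-uri directive, so browsers POST a JSON body with a top-level "csp-report" object; the size cap, function names and sample POSTs are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

MAX_BODY = 16 * 1024  # assumed cap: the endpoint is unauthenticated, so bound the input
ACCEPTED_TYPES = {"application/csp-report", "application/json"}

def _source(blocked):
    """Reduce blocked-uri to an origin; keywords such as 'inline' or 'eval' pass through."""
    try:
        parts = urlsplit(blocked)
    except ValueError:
        return "invalid"
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"[:128]
    return blocked[:64]

def parse_csp_report(content_type, body):
    """Return (directive, source, document_uri), or None if the POST is not a usable report."""
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type not in ACCEPTED_TYPES or len(body) > MAX_BODY:
        return None
    try:
        report = json.loads(body.decode("utf-8"))["csp-report"]
        directive = report.get("effective-directive") or report.get("violated-directive")
        blocked = report.get("blocked-uri")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(directive, str) or not isinstance(blocked, str) or not directive.split():
        return None
    # Older browsers send the whole directive in violated-directive; keep only its name.
    return directive.split()[0], _source(blocked), report.get("document-uri")

def tally(posts):
    """Count usable reports per (directive, source), to review before the policy is enforced."""
    parsed = (parse_csp_report(ctype, body) for ctype, body in posts)
    return Counter(p[:2] for p in parsed if p)

# Constructed sample POSTs as (Content-Type, body) pairs; not captured traffic.
SAMPLE_POSTS = [
    ("application/csp-report", b'{"csp-report": {"document-uri": "https://app.example/index", "effective-directive": "script-src", "blocked-uri": "https://cdn.example/lib.js?v=3"}}'),
    ("application/csp-report; charset=utf-8", b'{"csp-report": {"violated-directive": "script-src data:", "blocked-uri": "https://cdn.example/other.js"}}'),
    ("application/csp-report", b'{"csp-report": {"effective-directive": "style-src-attr", "blocked-uri": "inline"}}'),
    ("text/plain", b'{"csp-report": {"effective-directive": "img-src", "blocked-uri": "https://x.example/a.png"}}'),
    ("application/csp-report", b"not json"),
]
```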

See full documentation entry.