bepsvpt/secure-headers

Support for Reporting API and NEL header

arxeiss opened this issue · 3 comments

You already support the report-to attribute in CSP. However, this attribute accepts a key from the Report-To header, as shown in the examples on this site: developer.mozilla.org.

What do you think about adding the possibility to set the Report-To standalone header as well? It can report more issues with your site, see https://docs.report-uri.com/setup/reporting-api/.

And maybe add the NEL header too? This is not really a security header, but it can help with debugging a bad HTTPS certificate, etc.: https://report-uri.com/products/network_error_logging

What do you think about those headers? At least the Report-To header could be useful; otherwise, the report-to attribute in CSP is useless.

Hi @arxeiss,

Thanks for the suggestion. I will add the report-to header.

The NEL header is still in Editor's Draft (https://w3c.github.io/network-error-logging/). I think we should at least wait for it to become a Working Draft.

W3C Maturity Levels: https://www.w3.org/2019/Process-20190301/#maturity-levels

The NEL header is already supported by Chrome on all platforms, including Android, but I understand your opinion about adding it when it becomes a working draft.

Hello @arxeiss,

The NEL and Reporting-Endpoints headers are now supported in version 8.0.0.
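
The dependency raised in this thread (a CSP `report-to` name or a NEL `report_to` name only works if a reporting header defines it) can be checked on any response. The following is an added example, not code from this thread or from the package; the function names and the sample headers are assumptions constructed for illustration.

```python
import json
import re

def report_to_groups(value):
    """Group names defined by a Report-To value (comma-separated JSON objects)."""
    # "group" is optional in Report-To and defaults to "default".
    return {o.get("group", "default") for o in json.loads(f"[{value}]") if o.get("endpoints")}

def reporting_endpoint_names(value):
    """Endpoint names defined by a Reporting-Endpoints value (name="url" pairs)."""
    return set(re.findall(r'([a-z*][a-z0-9_.*-]*)\s*=\s*"[^"]*"', value))

def csp_report_to(policy):
    """Name given to the CSP report-to directive, or None if it is absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if len(parts) >= 2 and parts[0].lower() == "report-to":
            return parts[1]
    return None

def dangling_references(headers):
    """(header, name) pairs that point at a reporting group no header defines."""
    h = {k.lower(): v for k, v in headers.items()}
    groups = report_to_groups(h.get("report-to", ""))
    names = groups | reporting_endpoint_names(h.get("reporting-endpoints", ""))
    problems = []
    token = csp_report_to(h.get("content-security-policy", ""))
    if token is not None and token not in names:
        problems.append(("content-security-policy", token))
    if "nel" in h:
        # NEL's report_to member names a Report-To group.
        group = json.loads(h["nel"]).get("report_to")
        if group not in groups:
            problems.append(("nel", group))
    return problems

# Constructed sample responses (host and group names are made up).
CSP = "default-src 'self'; report-to csp-endpoint"
GOOD = {
    "Content-Security-Policy": CSP,
    "Report-To": '{"group":"csp-endpoint","max_age":10886400,'
                 '"endpoints":[{"url":"https://reports.example/csp"}]}',
    "NEL": '{"report_to":"csp-endpoint","max_age":31536000}',
}
BAD = {"Content-Security-Policy": CSP, "NEL": '{"report_to":"nel-group","max_age":31536000}'}
MODERN = {"Content-Security-Policy": CSP,
          "Reporting-Endpoints": 'csp-endpoint="https://reports.example/csp"'}
```
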