Frequently Asked Questions

There are a series of frequently asked questions that we receive so we will try and address the common ones here.

Why am I not receiving reports?

If you aren't receiving reports into your account the first step is to check that the browser is sending them and that you have the correct subdomain configured in your policy. Check the developer tools of your browser to see if any reports are generated and sent. Low traffic sites may not get reports frequently.

What happens if I go over my quota?

If you exceed your quota we will simply stop processing reports into your account until the following month when your quota renews or you upgrade your account to increase your quota. You can see our dedicated Monthly Quota Usage page for more info.

Where can I raise bugs or feature requests?

You can reach out to us directly to report any problems or suggest new features:

How do you store my password?

We use the password_hash() function in PHP to hash your password before storage. This means we're currently using the bcrypt hashing algorithm with a work factor of 10 and 128 bit salt. Our code: password_hash($password, PASSWORD_DEFAULT)

Where do I raise a support request?

If you are on a plan that comes with email support, you can contact us directly:

Is report-uri deprecated in CSP?

Yes, but don't worry! For the foreseeable future, report-uri will continue to work as it always has. A new reporting mechanism called the Reporting API has been introduced and is used with the report-to directive instead. The Reporting API has some advantages over using report-uri and you can use either or both reporting mechanisms! See the CSP docs for more info.