# Reporting API

## What is the Reporting API?

The Reporting API defines a new HTTP response header, `Report-To`, that allows you to collect information from the browser when visitors to your site encounter issues. You can collect 3 different types of report that tell you various things about your site by creating a `default` reporting group.

### Deprecation

These reports will be sent when a page on your site uses a browser feature or API that the vendor intends to deprecate. This will alert you to potential failures before they happen.

### Intervention

These reports will be sent when the browser changes its default behaviour on a page in the interest of performance, security or user experience. This could be not playing sounds the user didn't initiate, not loading assets on slow connections or refusing to make external requests.

### Crash

These reports will be sent when the browser, or one of its components, crashes whilst the user is on your site. This will help debug potential issues.

## Getting Started

Enabling the Reporting API is easy and requires the delivery of a single HTTP response header.

```
Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"{URL}"}],"include_subdomains":true}
```

To deploy this header on your website you will need to update `{URL}` in the example to your own unique URL, which you can find on the [Setup page](https://report-uri.com/account/setup/), and then set the header on your website.
Here are some examples of how to do that, depending on your platform or language of choice:

##### PHP

```php
header('Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://demo.report-uri.com/a/d/g"}],"include_subdomains":true}');
```

##### Nginx

```nginx
add_header Report-To "{\"group\":\"default\",\"max_age\":31536000,\"endpoints\":[{\"url\":\"https://demo.report-uri.com/a/d/g\"}],\"include_subdomains\":true}";
```

##### Apache

```apache
Header set Report-To "{\"group\":\"default\",\"max_age\":31536000,\"endpoints\":[{\"url\":\"https://demo.report-uri.com/a/d/g\"}],\"include_subdomains\":true}"
```

##### IIS

Open IIS Manager and navigate to the level you want to manage. In Features View, double-click HTTP Response Headers. On the HTTP Response Headers page, in the Actions pane, click Add. In the Add Custom HTTP Response Header dialog box use the following name and value and then click OK.

Name: `Report-To`

Value: `{"group":"default","max_age":31536000,"endpoints":[{"url":"https://demo.report-uri.com/a/d/g"}],"include_subdomains":true}`

## Reporting-Endpoints Header

The newer `Reporting-Endpoints` header is also supported and is simpler to configure than `Report-To`. Rather than a JSON object, it uses a straightforward key-value format:

```
Reporting-Endpoints: default="{URL}"
```

##### PHP

```php
header('Reporting-Endpoints: default="https://demo.report-uri.com/a/d/g"');
```

##### Nginx

```nginx
add_header Reporting-Endpoints 'default="https://demo.report-uri.com/a/d/g"';
```

##### Apache

```apache
Header set Reporting-Endpoints 'default="https://demo.report-uri.com/a/d/g"'
```

##### IIS

Open IIS Manager and navigate to the level you want to manage. In Features View, double-click HTTP Response Headers. On the HTTP Response Headers page, in the Actions pane, click Add. In the Add Custom HTTP Response Header dialog box use the following name and value and then click OK.

Name: `Reporting-Endpoints`

Value: `default="https://demo.report-uri.com/a/d/g"`

### Using Both Headers

If you use [Network Error Logging](/setup/nel/), it is important to note that NEL reports can only be sent via the legacy `Report-To` header and are not supported by `Reporting-Endpoints`. For this reason, we recommend deploying both headers together:

```
Reporting-Endpoints: default="{URL}"
Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"{URL}"}],"include_subdomains":true}
```

Modern browsers will use `Reporting-Endpoints` for supported report types, while `Report-To` ensures NEL reports continue to be delivered and provides fallback support for older browsers.

## Filtering Reports

You can configure filters for your inbound reports in the [Filters](https://report-uri.com/account/filters/) section in your account. These filters allow you to reduce the amount of noise and make it easier to find reports that matter. We recommend keeping the default set of filters enabled to keep your report data manageable and it is worth noting that you are not charged for filtered reports.

The 'Sites to collect reports for' field must be filled in and informs us of the domain names you expect to receive reports from. If someone sends reports to your reporting address but they are for a site that you do not wish to receive reports from, the reports will be discarded and you will not be charged.

## Collecting other report types

The Reporting API also allows for collection of various other types of report sent by the browser. These reports can all be sent to the `default` reporting group and we will separate them into the appropriate section in your account. The other types of report that we currently support being sent via the Reporting API are:

- [Content Security Policy](/setup/csp/)
- [Content Security Policy Wizard](/setup/wizard/)
- [Script Watch](/setup/script-watch/)
- [Network Error Logging](/setup/nel/)
- [Permissions Policy](/setup/permissions-policy/)
- [Cross-Origin Embedder Policy](/setup/coep/)
- [Cross-Origin Opener Policy](/setup/coop/)

You can find details on how to set up the various reports being sent on the respective documentation links above.

#### Useful Links

- [https://www.w3.org/TR/reporting/](https://www.w3.org/TR/reporting/)
- [https://developers.google.com/web/updates/2018/09/reportingapi](https://developers.google.com/web/updates/2018/09/reportingapi)
- [https://github.com/w3c/reporting](https://github.com/w3c/reporting)
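
To check the two-header deployment recommended under "Using Both Headers", the following added example (not Report URI's own code) audits a response's headers offline and reports what is missing or malformed. The names `parse_report_to` and `audit` are hypothetical, and the HTTPS and `max_age` checks are assumptions drawn from the W3C Reporting specification rather than from this page.

```python
import json
import re

# One member of the Reporting-Endpoints dictionary: name="url"
MEMBER = re.compile(r'([A-Za-z*][\w.*-]*)\s*=\s*"([^"]*)"')

def parse_report_to(value):
    """Map group name -> endpoint URLs; raises ValueError if malformed."""
    groups = {}
    # The value is a comma-separated list of JSON objects, so wrap it in [].
    for obj in json.loads("[" + value + "]"):
        if not isinstance(obj, dict) or not isinstance(obj.get("max_age"), int):
            raise ValueError("each group must be an object with an integer max_age")
        if obj["max_age"] > 0:  # a max_age of 0 removes the group
            groups[obj.get("group", "default")] = [
                e["url"] for e in obj.get("endpoints", [])
                if isinstance(e, dict) and "url" in e]
    return groups

def audit(headers):
    """Return a list of findings for one response's headers (name -> value)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    modern = dict(MEMBER.findall(h.get("reporting-endpoints", "")))
    try:
        legacy = parse_report_to(h["report-to"]) if "report-to" in h else {}
    except ValueError as exc:  # json.JSONDecodeError is a ValueError
        legacy = {}
        findings.append(f"Report-To is malformed: {exc}")
    if "default" not in modern:
        findings.append("Reporting-Endpoints has no 'default' endpoint")
    if "default" not in legacy:
        findings.append("Report-To has no 'default' group: no NEL reports, "
                        "no fallback for older browsers")
    urls = legacy.get("default", []) + [u for n, u in modern.items() if n == "default"]
    for url in sorted(set(urls)):
        if not url.startswith("https://"):
            findings.append(f"endpoint is not HTTPS: {url}")
    if "default" in modern and "default" in legacy and modern["default"] not in legacy["default"]:
        findings.append("the two headers send 'default' reports to different URLs")
    return findings

URL = "https://demo.report-uri.com/a/d/g"  # demo URL used on this page
GOOD = {"Reporting-Endpoints": f'default="{URL}"',
        "Report-To": json.dumps({"group": "default", "max_age": 31536000,
                                 "endpoints": [{"url": URL}], "include_subdomains": True})}
# Constructed misconfiguration: config-file escaping backslashes sent literally.
ESCAPED = dict(GOOD, **{"Report-To": GOOD["Report-To"].replace('"', '\\"')})

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD), ("escaped", ESCAPED)):
        print(name, audit(hdrs) or "OK")
```
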