Reporting API


What is the Reporting API?

The Reporting API defines a new HTTP response header, Report-To, that allows you to collect information from the browser when visitors to your site encounter issues.

You can collect 3 different types of report that tell you various things about your site by creating a default reporting group.


Deprecation

These reports will be sent when a page on your site uses a browser feature or API that the vendor intends to deprecate. This will alert you to potential failures before they happen.


Intervention

These reports will be sent when the browser changes its default behaviour on a page in the interest of performance, security or user experience. This could be not playing sounds the user didn't initiate, not loading assets on slow connetions or refusing to make external requests.


Crash

These reports will be sent when the browser, or one of its components, crashes whilst the user is on your site. This will help debug potential issues.


Getting Started

Enabling the Reporting API is easy and requires the delivery of a single HTTP response header.


Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://{subdomain}.report-uri.com/a/d/g"}],"include_subdomains":true}


To deploy this header on your website you will need to update {subdomain} in the example to your own subdomain, which you can find on the Setup page, and then set the header on your website. Here are some examples on how to do that depending on your platform or language of choice:


PHP
header('Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://{subdomain}.report-uri.com/a/d/g"}],"include_subdomains":true}')


Nginx
add_header Report-To "{\"group\":\"default\",\"max_age\":31536000,\"endpoints\":[{\"url\":\"https://{subdomain}.report-uri.com/a/d/g\"}],\"include_subdomains\":true}";


Apache
Header set Report-To "{\"group\":\"default\",\"max_age\":31536000,\"endpoints\":[{\"url\":\"https://{subdomain}.report-uri.com/a/d/g\"}],\"include_subdomains\":true}"


IIS

Open IIS Manager and navigate to the level you want to manage, In Features View, double-click HTTP Response Headers. On the HTTP Response Headers page, in the Actions pane, click Add. In the Add Custom HTTP Response Header dialog box use the following name and value and then click OK.

Name: Report-To

Value: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://{subdomain}.report-uri.com/a/d/g"}],"include_subdomains":true}


Filtering Reports

You can configure filters for your inbound reports in the Filters section in your account. These filters allow you to reduce the amount of noise and make it easier to find reports that matter. We recommend keeping the default set of filters enabled to keep your report data manageable and it is worth noting that you are not charged for filtered reports.


The 'Sites to collect reports for' field must be filled in and informs us of the domain names you expect to receive reports from. If someone sends reports to your reporting address but they are for a site that you do not wish to receive reports from, the reports will be discarded and you will not be charged.


Collecting other report types

The Reporting API also allows for collection of various other types of report sent by the browser. These reports can all be sent to the default reporting group and we will separate them into the appropriate section in your account. The other types of report that we currently support being sent via the Reporting API are:


Content Security Policy
Content Security Policy Wizard
Script Watch
Network Error Logging
Cross-Origin Embedder Policy
Cross-Origin Opener Policy


You can find details on how to set up the various reports being sent on the respective documentation links above.


https://www.w3.org/TR/reporting/

https://developers.google.com/web/updates/2018/09/reportingapi

https://github.com/w3c/reporting