Specifies how the web browser should report certain types of issues that it encounters.

The Report-To header defines a group of reporting endpoints (URLs) that can be used to receive different types of reports. These reports can be configured with the NEL (Network Error Logging) and "Content-Security-Policy-Report-Only" HTTP headers. Once configured, the browser will then send reports in a JSON format to the specified endpoints when it encounters problems. This mechanism enables website owners and developers to monitor their sites more effectively and address issues that could impact user experience or site functionality.

  • group: An arbitrary name that can be referenced by other reporting headers.
  • max_age: The lifetime (in seconds) of this policy.
  • include_subdomains: A boolean (true/false) that indicates if subdomains of the domain should also send reports.
  • endpoints: An array of objects specifying the endpoints to which reports should be sent. Each object must include a url field, and may also include a priority (integer) and a weight (integer) for load balancing.


In this example, two end points are configured. One is named "default" and the other "myServer. Both policies are valid for 1 month and specify different URL endpoints. The default group specifies two endpoints, one of them designated with a lower priority as a backup.

Report-To: {"group":"default","max_age":2592000,"endpoints":[{"url":"","priority":1},{"url":"","priority":2}]}, {"group":"myServer","max_age":2592000,"endpoints":[{"url":""}]}

Ready to validate your website to check for this header and 100+ others important tests?