To send reports to the collector, configure the reporting API to POST reports to the collector's URL. This can be same- or cross- origin with the reporting document, as the collector will follow the CORS protocol.
The collector supports both CSP Level 2 (report-uri) reports as well as Reporting API reports.
A GET request can be used to retrieve stored reports for analysis.
Sent credentials are stored with the reports, and can be retrieved separately.
CORS Notes:
Supported GET parameters: op
: For GET requests, a string indicating the operation to perform (see below for description of supported operations). Defaults to retrieve_report
. reportID
: A UUID to associate with the reports sent from this document. This can be used to distinguish between reports from multiple documents, and to provide multiple distinct endpoints for a single document. Either reportID
or endpoint
must be provided. endpoint
: A string which will be used to generate a UUID to be used as the reportID. Either reportID
or endpoint
must be provided. timeout
: The amount of time to wait, in seconds, before responding. Defaults to 0.5s. min_count
: The minimum number of reports to return with the retrieve_report
operation. If there have been fewer than this many reports received, then an empty report list will be returned instead. retain
: If present, reports will remain in the stash after being retrieved. By default, reports are cleared once retrieved.
Operations: retrieve_report
: Returns all reports received so far for this reportID, as a JSON-formatted list. If no reports have been received, an empty list will be returned. retrieve_cookies
: Returns the cookies sent with the most recent reports for this reportID, as a JSON-formatted object. retrieve_count
: Returns the number of POST requests for reports with this reportID so far.