This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Couldn’t process unknown directive ‘report-to’

  • 1 reply
  • 0 have this problem
  • 33 views
  • Last reply by Standard8

more options

Hello there, I'm getting following warnings when I set report-to directive.

Content-Security-Policy: Couldn’t process unknown directive ‘report-to’ Content-Security-Policy: This site (http://puvipavan.local) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy.

These are the passed headers:

Content-Security-Policy-Report-Only: default-src https:; report-to csp-endpoint; Report-To: { "group": "csp-endpoint", "max_age": 5000, "endpoints": [ { "url": "https://example.com/csp-reports" } ] }

Am I missing something? I'm using the latest version of Firefox as of July-31-2023(115.0.3 (64-bit))

Hello there, I'm getting following warnings when I set report-to directive. Content-Security-Policy: Couldn’t process unknown directive ‘report-to’ Content-Security-Policy: This site (http://puvipavan.local) has a Report-Only policy without a report URI. CSP will not block and cannot report violations of this policy. These are the passed headers: Content-Security-Policy-Report-Only: default-src https:; report-to csp-endpoint; Report-To: { "group": "csp-endpoint", "max_age": 5000, "endpoints": [ { "url": "https://example.com/csp-reports" } ] } Am I missing something? I'm using the latest version of Firefox as of July-31-2023(115.0.3 (64-bit))

All Replies (1)

more options

Hi,

According to this table to this table, Firefox does not currently support report-to.

You can probably use the report-uri directive instead for the time being.