Documentation

Report Types

The W3C Reporting API enables browsers to automatically report security violations, performance issues, and compatibility warnings to your configured endpoint.

reporting-api.app supports all major browser report types, from security-focused CSP violations to performance-oriented deprecation warnings. This guide helps you understand what's available and choose which reports to monitor based on your needs.

Available Report Types

Click any report type to learn how to configure it:

Security

Detect attacks and policy violations before they impact users.

CSP Violations

Content Security Policy violations from blocked scripts, styles, and resources.

Integrity (SRI)

Subresource Integrity failures when scripts or styles don't match their hashes.

Permissions Policy

Violations when scripts attempt to use restricted features like camera or geolocation.

Reliability

Surface network failures and stability issues invisible to server logs.

Network Errors (NEL)

DNS, TCP, TLS, and HTTP failures that your server logs never see.

Deprecations

Warnings about deprecated APIs that will be removed in future browser versions.

Crash Reports

Tab crashes and out-of-memory errors.

Performance

Catch deprecations and browser interventions that degrade user experience.

Interventions

Browser actions that block heavy ads, auto-playing media, or resource-intensive content.

Cross-Origin Isolation

COOP/COEP violations that block cross-origin resources or popup interactions.

Document Policy

Performance budget violations for image sizes, synchronous scripts, and resource policies.

How Browser Reporting Works

The W3C Reporting API provides a standardized way for browsers to send diagnostic information to your server. Here's how it works:

  1. Configure your endpoint — Add the Reporting-Endpoints HTTP header to your server responses, pointing to your reporting-api.app endpoint URL
  2. Browser detects an issue — When a violation occurs (blocked script, deprecated API, network failure, etc.), the browser queues a report
  3. Reports are batched and sent — The browser periodically sends queued reports to your configured endpoint in JSON format
  4. We process and route — reporting-api.app validates, stores, and forwards reports to your configured integrations (AppSignal, webhooks, Google Chat)

Next Steps

  • Getting Started — Set up your first application and configure the Reporting-Endpoints header
  • Integrations — Route reports to AppSignal, webhooks, or Google Chat

Or dive into any report type above to learn the specific configuration for your use case.