Permissions Policy Report-Only reports

All Permission Policy features supported by your browser will function as usual, without any restrictions. If the policy would be violated, a report will be sent (with "disposition": "report" rather than "disposition": "enforce"). This is useful if you want to add a new policy or change the existing one, to see what would break, if you enforced the policy with Permissions-Policy header.

Permissions Policy allows web developers to selectively enable, disable, and modify the behavior of certain APIs and web features in the browser, and query the state (allowed or denied) in the current document for a given feature. See the Permissions Policy page for more details.

Right now, the policy violation reporting part of Permissions Policy must be manually enabled in Chrome by setting the Experimental Web Platform features flag (copy & paste the link), otherwise you'll get no reports. Also, only first-party reports will be sent, no reports for violations that happened in embedded iframes.

The Permissions-Policy-Report-Only response header:

Permissions-Policy-Report-Only: fullscreen=()

The Report-To response header:

Report-To: {"group":"default","max_age":1800,"endpoints":[{"url":"https://pole.has.report/report"}],"include_subdomains":true}

Go full screen

show the code

Related specs & documents