| link-preload-from-header-report-only-nonce.sub.html |
A Report-Only policy with a nonce does not send a report for an allowed link preload |
660 |
- |
|
|
366 |
- |
| link-preload-report-only-nonce.sub.html |
A Report-Only policy with a nonce does not send a report for an allowed link preload |
731 |
- |
|
|
285 |
- |
| multiple-report-policies.html |
When multiple report-uri endpoints for multiple policies are specified, each gets a report |
1140 |
- |
|
|
707 |
- |
| post-redirect-stacktrace.https.html |
Check for post-redirect leak from StackTrace. |
3823 |
- |
|
|
74 |
- |
| report-and-enforce.html |
Reporting and enforcing policies can be different |
1531 |
- |
|
|
498 |
- |
| report-blocked-data-uri.html |
Data-uri images are reported correctly |
590 |
- |
|
|
355 |
- |
| report-blocked-uri-cross-origin.sub.html |
Cross-origin images are reported correctly |
702 |
- |
|
|
469 |
- |
| report-blocked-uri.html |
Blocked relative images are reported correctly |
649 |
- |
|
|
456 |
- |
| report-clips-sample.https.html |
|
3660 |
- |
| report-cross-origin-no-cookies.sub.html |
Cookies are not sent on cross origin violation reports |
1463 |
- |
|
|
440 |
- |
| report-frame-ancestors-no-parent-cookies.sub.html |
Cookies are not sent on cross origin violation reports for
frame-ancestors violations, even if the report-uri is same-origin
with the embedder. |
1271 |
- |
| report-frame-ancestors-with-x-frame-options.sub.html |
Reporting works with report-only frame-ancestors even if frame is blocked by X-Frame-Options |
554 |
- |
| report-frame-ancestors.sub.html |
Reporting works with frame-ancestors |
463 |
- |
| report-multiple-violations-01.html |
Test multiple violations cause multiple reports |
660 |
- |
|
|
408 |
- |
| report-multiple-violations-02.html |
This tests that multiple violations on a page trigger multiple reports
if and only if the violations are distinct. |
910 |
- |
|
|
392 |
- |
| report-only-cross-origin-frame.sub.html |
Cross origin iframes have their URI censored |
1673 |
- |
|
|
470 |
- |
| report-only-in-meta.sub.html |
Report-only policy not allowed in meta tag |
1880 |
- |
|
|
214 |
- |
| report-only-unsafe-eval.html |
|
1267 |
- |
|
|
304 |
- |
| report-original-url-on-mixed-content-frame.https.sub.html |
|
687 |
- |
|
|
383 |
- |
| report-original-url.sub.html |
|
2423 |
- |
|
|
439 |
- |
| report-preload-and-consume.https.html |
Test that reports are sent with credentials to same-origin endpoints |
1008 |
- |
| report-same-origin-with-cookies.html |
Cookies are sent on same origin violation reports |
1745 |
- |
|
|
398 |
- |
| report-strips-fragment.html |
|
738 |
- |
| report-strips-username-password.html |
|
661 |
- |
| report-uri-effective-directive.html |
Violation report is sent if violation occurs. |
643 |
- |
|
|
366 |
- |
| report-uri-from-child-frame.html |
Reporting works in child iframes. |
828 |
- |
| report-uri-from-inline-javascript.html |
Violation report is sent from inline javascript. |
748 |
- |
|
|
365 |
- |
| report-uri-from-javascript.html |
Violation report is sent from javascript resource. |
584 |
- |
|
|
358 |
- |
| report-uri-multiple-reversed.html |
Content-Security-Policy-Report-Only violation report is sent even when resource is blocked by actual policy. |
692 |
- |
|
|
416 |
- |
| report-uri-multiple.html |
Content-Security-Policy-Report-Only violation report is sent even when resource is blocked by actual policy. |
689 |
- |
|
|
407 |
- |
| report-uri-scheme-relative.html |
Relative scheme URIs are accepted as the report-uri. |
655 |
- |
|
|
381 |
- |
| support |
|
|
- |