Name Description Size
multiple-report-policies.html When multiple report-uri endpoints for multiple policies are specified, each gets a report 1140
multiple-report-policies.html.sub.headers 707
post-redirect-stacktrace.https.html Check for post-redirect leak from StackTrace. 3823
post-redirect-stacktrace.https.html.headers 74
report-and-enforce.html Reporting and enforcing policies can be different 1531
report-and-enforce.html.sub.headers 498
report-blocked-data-uri.html Data-uri images are reported correctly 590
report-blocked-data-uri.html.sub.headers 355
report-blocked-uri-cross-origin.sub.html Cross-origin images are reported correctly 702
report-blocked-uri-cross-origin.sub.html.sub.headers 469
report-blocked-uri.html Blocked relative images are reported correctly 649
report-blocked-uri.html.sub.headers 456
report-clips-sample.https.html 3660
report-cross-origin-no-cookies.sub.html Cookies are not sent on cross origin violation reports 1463
report-cross-origin-no-cookies.sub.html.sub.headers 440
report-frame-ancestors-no-parent-cookies.sub.html Cookies are not sent on cross origin violation reports for frame-ancestors violations, even if the report-uri is same-origin with the embedder. 1271
report-frame-ancestors-with-x-frame-options.sub.html Reporting works with report-only frame-ancestors even if frame is blocked by X-Frame-Options 554
report-frame-ancestors.sub.html Reporting works with frame-ancestors 463
report-multiple-violations-01.html Test multiple violations cause multiple reports 660
report-multiple-violations-01.html.sub.headers 408
report-multiple-violations-02.html This tests that multiple violations on a page trigger multiple reports if and only if the violations are distinct. 819
report-multiple-violations-02.html.sub.headers 392
report-only-cross-origin-frame.sub.html Cross origin iframes have their URI censored 1673
report-only-cross-origin-frame.sub.html.sub.headers 470
report-only-in-meta.sub.html Report-only policy not allowed in meta tag 1880
report-only-in-meta.sub.html.sub.headers 214
report-only-unsafe-eval.html 1267
report-only-unsafe-eval.html.sub.headers 304
report-original-url-on-mixed-content-frame.https.sub.html 687
report-original-url-on-mixed-content-frame.https.sub.html.sub.headers 383
report-original-url.sub.html 2423
report-original-url.sub.html.sub.headers 439
report-preload-and-consume.https.html Test that reports are sent with credentials to same-origin endpoints 1008
report-same-origin-with-cookies.html Cookies are sent on same origin violation reports 1745
report-same-origin-with-cookies.html.sub.headers 398
report-strips-fragment.html 738
report-uri-effective-directive.html Violation report is sent if violation occurs. 643
report-uri-effective-directive.html.sub.headers 366
report-uri-from-child-frame.html Reporting works in child iframes. 828
report-uri-from-inline-javascript.html Violation report is sent from inline javascript. 748
report-uri-from-inline-javascript.html.sub.headers 365
report-uri-from-javascript.html Violation report is sent from javascript resource. 584
report-uri-from-javascript.html.sub.headers 358
report-uri-multiple-reversed.html Content-Security-Policy-Report-Only violation report is sent even when resource is blocked by actual policy. 692
report-uri-multiple-reversed.html.sub.headers 416
report-uri-multiple.html Content-Security-Policy-Report-Only violation report is sent even when resource is blocked by actual policy. 689
report-uri-multiple.html.sub.headers 407
report-uri-scheme-relative.html Relative scheme URIs are accepted as the report-uri. 655
report-uri-scheme-relative.html.sub.headers 381
support