The header has been redundant since 2018 as all CAs and browsers enforce
certificate transparency already and is now a requirement. It's also
not even implemented in others browsers except for Chrome, and
Chrome 107 deprecates this header.
Signed-off-by: r3g_5z <june@terezi.dev>
It's an IE8-era header where Adobe products used to use the IE engine
when making outbound web requests to embed webpages such as
Adobe Acrobat. This is something that a secure and modern CSP would
protect against.
Signed-off-by: r3g_5z <june@terezi.dev>
The header name was Report-To, not Reply-To.
In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#headerhttps://github.com/w3c/reporting/issues/177
CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to
It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/
(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)
Signed-off-by: Thomas Citharel <tcit@tcit.fr>