Add crash-reporting reporting endpoint name

[ddbeck]

Summary

This adds the crash-reporting endpoint name to the Reporting-Endpoints header.

Test results and supporting details

I'm trying to add more detail to BCD so I can generate a status in web-features for crash reporting. This came out of that (incomplete) effort.

Chrome shipped crash-reporting in 139 (Aug 2025):

• https://chromestatus.com/feature/5129218731802624
• https://chromiumdash.appspot.com/commit/1cdd84c07d7e9c3f8498e57efc35b2ac626c0e20

While I was trying to piece together the history of crash reporting, I found that Firefox shipped Reporting-Endpoints earlier than recorded, in Firefox 130: https://bugzilla.mozilla.org/show_bug.cgi?id=1860588.

Related issues

• Firefox bug 1860588
• Chrome Platform Status - Crash Reporting API: Specify crash-reporting to receive only crash reports
• Reporting: there's no complete list of possible report types (or named reporting endpoints) content#43688

[github-actions]

Tip: Review these changes grouped by change (recommended for most PRs), or grouped by feature (for large PRs).

[caugner]

While we're here, should we set Opera to mirror?

(Unfortunately, GitHub's suggestion feature seems to be broken right now, so I cannot suggest the change here.)

[ddbeck]

Done with 8b9a778. Thank you!

[hamishwillee]

@ddbeck The server reports should mostly mirror "types_property" in https://github.com/mdn/browser-compat-data/blob/main/api/ReportingObserver.json - where this particular case does not because you can't observe a report for a page that has crashed.

FMI, what is the intent here - to record the reports separately in both places, or only have the server-only endpoints here?

[ddbeck]

@hamishwillee My intent here is to capture some of the predefined endpoint names that I know to exist. Right now, I believe there are only two.

If I understand correctly, you can set arbitrary endpoint names, which some reporting uses via their own headers (e.g., for use with CSP's report-to directive).

Then there are names predefined by specification: default and crash-reporting. A couple reporters (including crash reporting) use default, if it's specified. I'm not sure which report type used the default first—if I can figure it out, I plan to open a PR for this.

You can also set an endpoint name for each permission policy feature. If I understand the spec correctly, this is a sort of implicit thing in, where it'll look for a reporting endpoint named for each permissions policy feature. I am not planning to add keys for those, since it should just reproduce the list of permissions policy features nested under http.headers.Permissons-Policy.

[hamishwillee]

My intent here is to capture some of the predefined endpoint names that I know to exist. Right now, I believe there are only two.

The TL;DR. Thanks @ddbeck - that's great. Short version is I didn't know about crash-reporting or per-feature permission reporting. Will update docs.

---

This is what I do know:

If I understand correctly, you can set arbitrary endpoint names, which some reporting uses via their own headers (e.g., for use with CSP's report-to directive).

Yes. I have tried to capture it here: https://developer.mozilla.org/en-US/docs/Web/API/Reporting_API#related_http_headers
Not finished - building it out as I work through the reports.

CSP has a report-to directive, COEP has a report-to parameter, Integrity-Policy has an endpoints list which is a "structured dictionary". I haven't done COOP yet, but I would bet it mirrors COEP.

Permissions-Policy has a per-directive report-to parameter. This is undocumented on MDN (I did not know about this but will update the docs). The default endpoint works in this case.

Crash uses crash-reporting or default, in that order of priority, if defined. I didn't know about crash-reporting but we'll be adding that now in https://github.com/mdn/content/pull/43791/changes#r3107848731

For cases where there is no associated HTTP header default seems to be the recommended option. This works for deprecation reports and intervention reports.

Then there are names predefined by specification: default and crash-reporting. A couple reporters (including crash reporting) use default, if it's specified. I'm not sure which report type used the default first—if I can figure it out, I plan to open a PR for this.

Don't know sorry.

You can also set an endpoint name for each permission policy feature. If I understand the spec correctly, this is a sort of implicit thing in, where it'll look for a reporting endpoint named for each permissions policy feature. I am not planning to add keys for those, since it should just reproduce the list of permissions policy features nested under http.headers.Permissons-Policy.

As above, this was news to me, but I read the spec the same way. Will test and update the docs.