We only send violation reports for accesses to cross-origin properties, as we think websites will deploy COOP on all pages coming from the same origin, meaning that cross-origin accesses to cross-origin properties is where the bulk of the violations will occur.
This would be nice to also mention in the "Limitations of the API" section at the end because there will be cases where developers don't set COOP for all documents in a given origin.
Come to think of it, that final section could benefit from some structure and an explicit list of the situations where we know COOP reporting is imperfect, to help developers who don't have the context understand what they may be missing.
We only send violation reports for accesses to cross-origin properties, as we think websites will deploy COOP on all pages coming from the same origin, meaning that cross-origin accesses to cross-origin properties is where the bulk of the violations will occur.
This would be nice to also mention in the "Limitations of the API" section at the end because there will be cases where developers don't set COOP for all documents in a given origin.
Come to think of it, that final section could benefit from some structure and an explicit list of the situations where we know COOP reporting is imperfect, to help developers who don't have the context understand what they may be missing.