Deprecated headers are used in the Security Policy Reporting documentation

[mark-monteiro]

Which part? Which one?

Security Policy Reporting

Description

The documentation page on Security Policy Reporting has the following issues:

• The Report-To header is deprecated and should be replaced with Reporting-Endpoints
• The Expect-CT header is deprecated and shouldn't be used at all

Suggested Solution

• Add the Reporting-Endpoints to the examples like this: Reporting-Endpoints: csp-endpoint="https://o436832.ingest.us.sentry.io/api/xxxx/security/?sentry_key=xxxx"
• Update the 'Compatibility Recommendationnote section to indicate thatreport-uriandReport-Toare both deprecated and theReporting-Endpoints` header is the current replacement
• Make a note on the Expect-CT section that the header is deprecated and should not be used for new site, or alternatively, remove the section altogether

[getsantry[bot]]

Assigning to @getsentry/support for routing ⏲️