NEL
The HTTP NEL response header, short for Network Error Logging, is included to configure network request logging.
Usage
The HTTP NEL response header is sent by a server when it wants to define a NEL policy for an origin that it controls. A NEL policy instructs the client concerning which reports and network request information to collect.
Directives
The server’s NEL policy contains both required and optional directives, specified as an array of JSON objects. Each element of the array specifies a NEL policy for the origin.
report_to
The report_to directive is a required field that is used to specify the endpoint group to which the policy will be sent. In cases where the goal is to remove a previous registration, the report_to directive is optional.
For NEL reports to be delivered properly, the endpoint group specification should contain at least one endpoint with a different origin, one that is not coupled to the origin from which the resource is being fetched. Specifying multiple origins provides fallback options if some of the endpoints cannot be reached.
max_age
The max_age directive is a required field that specifies the lifetime of the policy, in seconds. A value of zero causes the NEL policy for this origin to be removed from the policy cache, whereas a negative value will result in a parse error.
Note
The reporting endpoint group must have a max_age high enough that the reporting policy does not expire. Otherwise, the NEL report will not be delivered, regardless of whether the NEL policy is still valid.
include_subdomains
The include_subdomains directive is an optional field that specifies whether the policy shall be enabled for all of the subdomains. If the boolean value is not true, or the directive is not present, then the NEL policy will not automatically apply to the subdomains.
success_fraction
The success_fraction directive is an optional field that specifies the sampling rate that shall be applied to reports concerning successful network requests for the origin. It is specified by using a number between 0.0 and 1.0, with values outside of that range resulting in a parsing error. If the success_fraction is not included then the user agent will not collect NEL reports concerning successful network requests for the given origin.
failure_fraction
The failure_fraction directive is an optional field that specifies the sampling rate that shall be applied to reports concerning failed network requests for the origin. It is specified by using a number between 0.0 and 1.0, with values outside of that range resulting in a parsing error. If the failure_fraction is not included then the user agent will not collect NEL reports concerning failed network requests for the given origin.
request_headers
The request_headers directive is an optional field that specifies which HTTP request headers, including their names and values, will be included in the network error reports for this origin. These are specified as a list of strings.
response_headers
The response_headers directive is an optional field that specifies which HTTP response headers, including their names and values, will be included in the network error reports for this origin. These are specified as a list of strings.
Example
Response
Nel: {
"report_to": "",
"max_age": "",
"include_subdomains": "",
"success_fraction": "",
"failure_fraction": "",
"request_headers": "",
"response_headers": ""
}
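The directive rules above can be checked before a policy is deployed. The following linter is an added example, not code from the original page or from any user agent. The function name check_nel_policy, the SENSITIVE header list and the sample policy are assumptions made for illustration. It rejects the parse errors described above and warns when request_headers or response_headers would copy credential-bearing header values into reports sent to the reporting endpoint.

```python
import json

# Assumption: which header names count as sensitive is an illustrative choice.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}

# Constructed sample policy (the group name "nel-group" is a placeholder).
SAMPLE = ('{"report_to": "nel-group", "max_age": 2592000, '
          '"failure_fraction": 1.0, "request_headers": ["Cookie"]}')

def _is_number(v):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def check_nel_policy(header_value):
    """Lint a NEL header value; returns (policy, warnings), raises ValueError."""
    try:
        policy = json.loads(header_value)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from None
    if not isinstance(policy, dict):
        raise ValueError("policy must be a JSON object")

    max_age = policy.get("max_age")
    if not _is_number(max_age) or not max_age >= 0:
        raise ValueError("max_age is required and must not be negative")

    warnings = []
    if max_age == 0:
        # report_to is optional when removing a previous registration
        warnings.append("max_age is 0: the policy for this origin is removed")
    elif not isinstance(policy.get("report_to"), str) or not policy["report_to"]:
        raise ValueError("report_to must name an endpoint group")

    for name in ("success_fraction", "failure_fraction"):
        if name in policy:
            v = policy[name]
            if not _is_number(v) or not 0.0 <= v <= 1.0:
                raise ValueError(f"{name} must be between 0.0 and 1.0")

    for name in ("request_headers", "response_headers"):
        headers = policy.get(name, [])
        if not isinstance(headers, list) or not all(isinstance(h, str) for h in headers):
            raise ValueError(f"{name} must be a list of strings")
        leaked = sorted(h for h in headers if h.lower() in SENSITIVE)
        if leaked:
            warnings.append(f"{name} copies sensitive values into reports: {leaked}")
    return policy, warnings

if __name__ == "__main__":
    print(check_nel_policy(SAMPLE)[1])
```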
Takeaway
The NEL header is used to send the client NEL policy information that is used for network request logging for a specific origin.