[Issue] 'Report-To' header is deprecated and no longer recommended #39288

Open
@m2-assistant

This issue is automatically created based on existing pull request: #39278: 'Report-To' header is deprecated and no longer recommended


Description (*)

As reported in this document, the 'Report-To' header is deprecated and no longer recommended for reporting CSP violations.
And, in any case, it is not possible to add "report-to" to the 'Content-Security-Policy-Report-Only' header.

Manual testing scenarios (*)

  1. Set CSP in "report-only"
  2. Fill in the 'Report URI' fields in the Configuration > Security > Content Security Policy (CSP) page
  3. Navigate to a page of the website that contains some CSP violations
  4. There must be a POST call to the Report URI.

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)
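
A header check for the testing scenario above, as an added example that is not part of the issue or of the Magento code base: it parses the policy header, confirms that a `report-uri` directive is present so a violation report can be POSTed, and flags the deprecated `Report-To` response header. The sample headers and the `reports.example` URL are constructed for illustration.

```python
from urllib.parse import urlparse

POLICY_HEADERS = ("content-security-policy-report-only", "content-security-policy")

# Constructed sample responses (not captured from a real store).
BEFORE = {
    "Content-Security-Policy-Report-Only":
        "default-src 'self'; report-uri https://reports.example/csp; report-to report-endpoint",
    "Report-To": '{"group":"report-endpoint","max_age":10886400,'
                 '"endpoints":[{"url":"https://reports.example/csp"}]}',
}
AFTER = {
    "Content-Security-Policy-Report-Only":
        "default-src 'self'; report-uri https://reports.example/csp",
}

def parse_csp(value):
    """Parse one CSP header value into {directive: [tokens]}.
    A directive repeated later in the same policy is ignored, as browsers do."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit_reporting(headers):
    """Return a list of findings about how CSP violations would be reported."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "report-to" in h:
        findings.append("deprecated Report-To response header is sent")
    present = [name for name in POLICY_HEADERS if name in h]
    if not present:
        findings.append("no CSP header is sent")
    for name in present:
        uris = parse_csp(h[name]).get("report-uri", [])
        if not uris:
            findings.append(f"{name}: no report-uri directive")
        for uri in uris:
            scheme = urlparse(uri).scheme  # empty for a relative path
            if scheme and scheme not in ("http", "https"):
                findings.append(f"{name}: report-uri {uri} is not http(s)")
    return findings

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_reporting(sample) or "ok")
```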

Labels

  • Area: Framework
  • Component: Csp
  • Issue: Confirmed (Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed)
  • Priority: P2 (A defect with this priority could have functionality issues which are not to expectations.)
  • Progress: PR in progress
  • Reported on 2.4.x (Indicates original Magento version for the Issue report.)
  • Reproduced on 2.4.x (The issue has been reproduced on latest 2.4-develop branch)
