Network Error Logging

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

Network Error Logging is a mechanism that can be configured via the NEL HTTP response header. This experimental header allows web sites and applications to opt-in to receive reports about failed (and, if desired, successful) network fetches from supporting browsers.

Reports are sent to a reporting group defined within a Report-To header.

Usage

Web applications opt in to this behaviour with the NEL header, which is a JSON-encoded object:

NEL: { "report_to": "nel",
       "max_age": 31556952 }

An origin considered secure by the browser is required.

The following object keys can be specified in the NEL header:

report_to

The reporting API group to send network error reports to (see below).

max_age
Specifies the lifetime of the policy, in seconds (in a similar way to e.g. HSTS policies are time-restricted). The referenced reporting group should have a lifetime at least as long as the NEL policy.
include_subdomains
If true, the policy applies to all subdomains under the origin that the policy header is set. The reporting group should also be set to include subdomains, if this option is to be enabled.
success_fraction
Floating point value between 0 and 1 which specifies the proportion of successful network requests to report. Defaults to 0, so that no successful network requests will be reported if the key is not present in the JSON payload.
failure_fraction
Floating point value between 0 and 1 which specifies the proportion of failed network requests to report. Defaults to 1, so that all failed network requests will be reported if the key is not present in the JSON payload.

The reporting group referenced above is defined in the usual manner within the Report-To header, for example:

Report-To: { "group": "nel",
             "max_age": 31556952,
             "endpoints": [
               { "url": "https://example.com/csp-reports" }
             ] }

Error reports

In these examples, the entire reporting API payload is shown. The top-level "body" key contains the network error report.

HTTP 400 (Bad Request) response

{
  "age": 20,
  "type": "network-error",
  "url": "https://example.com/previous-page",
  "body": {
    "elapsed_time": 338,
    "method": "POST",
    "phase": "application",
    "protocol": "http/1.1",
    "referrer": "https://example.com/previous-page",
    "sampling_fraction": 1,
    "server_ip": "137.205.28.66",
    "status_code": 400,
    "type": "http.error",
    "url": "https://example.com/bad-request"
  }
}

DNS name not resolved

Note that the phase is set to dns in this report and no server_ip is available to include.

{
  "age": 20,
  "type": "network-error",
  "url": "https://example.com/previous-page",
  "body": {
    "elapsed_time": 18,
    "method": "POST",
    "phase": "dns",
    "protocol": "http/1.1",
    "referrer": "https://example.com/previous-page",
    "sampling_fraction": 1,
    "server_ip": "",
    "status_code": 0,
    "type": "dns.name_not_resolved",
    "url": "https://example-host.com/"
  }
}

The type of the network error may be one of the following pre-defined values from the specification, but browsers can add and send their own error types:

dns.unreachable
The user's DNS server is unreachable
dns.name_not_resolved
The user's DNS server responded but was unable to resolve an IP address for the requested URI.
dns.failed
Request to the DNS server failed due to reasons not covered by previous errors (e.g. SERVFAIL)
dns.address_changed
For security reasons, if the server IP address that delivered the original report is different to the current server IP address at time of error generation, the report data will be downgraded to only include information about this problem and the type set to dns.address_changed.
tcp.timed_out
TCP connection to the server timed out
tcp.closed
The TCP connection was closed by the server
tcp.reset
The TCP connection was reset
tcp.refused
The TCP connection was refused by the server
tcp.aborted
The TCP connection was aborted
tcp.address_invalid
The IP address is invalid
tcp.address_unreachable
The IP address is unreachable
tcp.failed
The TCP connection failed due to reasons not covered by previous errors
http.error
The user agent successfully received a response, but it had a 4xx or 5xx status code
http.protocol.error
The connection was aborted due to an HTTP protocol error
http.response.invalid
Response is empty, has a content-length mismatch, has improper encoding, and/or other conditions that prevent user agent from processing the response
http.response.redirect_loop
The request was aborted due to a detected redirect loop
http.failed
The connection failed due to errors in HTTP protocol not covered by previous errors

Specifications

Specification
Network Error Logging

Browser compatibility

DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
NEL
Experimental
Chrome Full support 71
Full support 71
Full support 69
Disabled
Disabled From version 69: this feature is behind the Reporting runtime flag (needs to be set to true).
Edge Full support 79Firefox No support NoIE No support NoOpera Full support 58Safari No support NoWebView Android Full support 71Chrome Android Full support 71Firefox Android No support NoOpera Android Full support 50Safari iOS No support NoSamsung Internet Android Full support 10.2

Legend

Full support
Full support
No support
No support
Experimental. Expect behavior to change in the future.
Experimental. Expect behavior to change in the future.
User must explicitly enable this feature.
User must explicitly enable this feature.