https://bbc-reporting-api.app/

Scan ID:: 19f657fb-3680-495a-9063-5cde56d874a4Finished
Submitted URL:: https://bbc-reporting-api.app
Report Finished:: Oct 6, 2024, 18:27:41

Links · 0 found

The outgoing links identified from the page

JavaScript Variables · 3 found

Global JavaScript variables loaded on the window object of a page, are variables declared outside of functions and accessible from anywhere in the code within the current scope

Name	Type
onbeforetoggle	object
documentPictureInPicture	object
onscrollend	object

Console log messages · 15 found

Messages logged to the web console

Type	Category	Log
warning	other	Text Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
warning	other	Text Error with Feature-Policy header: Unrecognized feature: 'usb'.
warning	other	Text Error with Feature-Policy header: Unrecognized feature: 'xr-spatial-tracking'.
warning	other	Text Error with Feature-Policy header: Some features are specified in both Feature-Policy and Permissions-Policy header: accelerometer, autoplay, camera, encrypted-media, fullscreen, geolocation, gyroscope, magnetometer, microphone, midi, payment, picture-in-picture, screen-wake-lock, sync-xhr. Values defined in Permissions-Policy header will be used.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'battery'.
warning	other	Text Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'browsing-topics'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'usb'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
warning	other	Text Error with Permissions-Policy header: Unrecognized feature: 'xr-spatial-tracking'.
error	other	URL https://bbc-reporting-api.app/ Text Unrecognized Content-Security-Policy directive 'prefetch-src'.

HTML

The raw HTML body of the page

<html><head><meta name="color-scheme" content="light dark"></head><body><pre style="word-wrap: break-word; white-space: pre-wrap;">BBC Reporting API Endpoint
--------------------------

What is this?
-------------
An in-house BBC service which can receive standardised reports of errors or security policy violations on our websites from compliant Web Browsers. 
For more details on supported report types, please see:  
* https://developer.mozilla.org/en-US/docs/Web/API/Reporting_API
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Network_Error_Logging
* https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
* https://developer.mozilla.org/en-US/docs/Web/API/FeaturePolicy
* https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
* https://web.dev/articles/vitals

What is the data used for?
--------------------------
Primary uses are detecting/diagnosing:
* Errors in serving web pages, such as in DNS, TCP, TLS or HTTP
* Violations of security policies we put in place to restrict what our web pages can and cannot do
Receiving reports allows us to fix breakages to services quickly and efficiently, without needing error reports from our audience.

What data is captured/stored?
-----------------------------
In addition to the standard fields in Reporting API data, we capture and store a minimal amount of metadata to help us triage/fix problems.
We actively try to capture/store as little personal information as possible, the specifics vary a little depending on the type of report/violation but typically include: 
* The URL of the web page on/for which the error/violation occurred (so we know which web page(s) have the problem)
* The "User Agent" (the name and version of the web browser, useful for diagnosing browser-specific problems)
* The Country from which the request was made (useful for correlation with per-country problems/blocking)
* The network/ISP (network AS) name and number (useful for diagnosing ISP-specific problems)
* The client IP address *for Network Error Logging reports only* (as it's genuinely &amp; directly useful for network-level problems)

We process (to obtain an IANA country code, AS information and IP version) but do not store the client IP address (or even a truncated version of it) except, as noted above for Network Error Logging reports, as we don't have a practical need to do so. Client IP addresses stored in Network Error Logging reports are restricted to a very small subset of specifically-allowed BBC staff members who have a genuine business need to access it.  

How is data stored and handled?
--------------------
Data is stored and handled in accordance with BBC standard practice, see https://www.bbc.co.uk/usingthebbc/privacy.

How long is report data retained?
---------------------------------
Data is automatically deleted from the storage database after 90 days. There are no automated backups. 

Who has access to the reported data?
------------------------------------
BBC staff only, the data is not public and is not shared with third parties.</pre></body></html>