From d6a428d8b40325f248dd7bf1f4cac9999f788fa8 Mon Sep 17 00:00:00 2001
From: clamy <clamy@chromium.org>
Date: Thu, 7 May 2020 14:34:54 +0200
Subject: [PATCH] Add reporting to cross-origin opener policy

This commit adds the notion of reporting and report-only mode to cross-origin
opener policy.
---
 source | 624 ++++++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 534 insertions(+), 90 deletions(-)

diff --git a/source b/source
index 5d8fe00f9d8..da0cebde4f8 100644
--- a/source
+++ b/source
@@ -4037,6 +4037,23 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute
      <li><dfn data-x="obtain-cross-origin-embedder-policy"
      data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#abstract-opdef-obtain-a-responses-embedder-policy">
      obtain an embedder policy</dfn></li>
+     <li><dfn data-x="cross-origin-embedder-policy-value"
+     data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#embedder-policy-value">
+     embedder policy value</dfn></li>
+     <li><dfn data-x="cross-origin-embedder-policy-report-only-value"
+     data-x-href="https://wicg.github.io/cross-origin-embedder-policy/#embedder-policy-report-onlyvalue">
+     embedder policy report only value</dfn></li>
+    </ul>
+   </dd>
+
+   <dt>Reporting</dt>
+
+   <dd>
+    <p>The following feature is defined in <cite>Reporting API</cite>: <ref spec=REPORTING></p>
+
+    <ul class="brief">
+     <li><dfn data-x="queue-report"
+     data-x-href="https://w3c.github.io/reporting/#queue-report">queue report data as type for destination</dfn></li>
     </ul>
    </dd>
 
@@ -9007,7 +9024,7 @@ partial interface <dfn id="document" data-lt="">Document</dfn> {
 
   <p>The <code>Document</code> has a <dfn data-dfn-for="Document"
   data-x="concept-document-coop">cross-origin opener policy</dfn>, which is a <span>cross-origin
-  opener policy</span>, initially "<code data-x="">unsafe-none</code>".</p>
+  opener policy</span>.</p>
 
   <h4>The <code>DocumentOrShadowRoot</code> interface</h4>
 
@@ -76468,7 +76485,7 @@ dictionary <dfn>DragEventInit</dfn> : <span>MouseEventInit</span> {
    settings object">setting up a window environment settings object</span> given <var>realm
    execution context</var> and <var>topLevelOrigin</var>.</p></li>
 
-   <li><p>Let <var>coop</var> be "<code data-x="">unsafe-none</code>".</p></li>
+   <li><p>Let <var>coop</var> be a new <span>cross-origin opener policy</span>.</p></li>
 
    <li><p>If <var>creator</var> is non-null and <var>creator</var>'s <span>origin</span> is
    <span>same origin</span> with <var>creator</var>'s <span>relevant settings object</span>'s
@@ -77338,10 +77355,10 @@ console.assert(iframeWindow.frameElement === null);
      <dd>
       <ol>
        <li>
-        <p>If <var>current</var>'s <span>top-level browsing context</span>'s <span>active
-        document</span>'s <span data-x="concept-document-coop">cross-origin opener policy</span> is
-        "<code data-x="">same-origin</code>" or "<code data-x="">same-origin-plus-COEP</code>",
-        then:</p>
+	<p>If <var>current</var>'s <span>top-level browsing context</span>'s <span>active
+        document</span>'s <span data-x="concept-document-coop">cross-origin opener policy</span>'s
+        <span data-x="coop-struct-value">value</span> is "<code data-x="">same-origin</code>" or
+        "<code data-x="">same-origin-plus-COEP</code>", then:</p>
 
         <ol>
          <li><p>Let <var>currentDocument</var> be <var>current</var>'s <span>active
@@ -79796,10 +79813,30 @@ interface <dfn>BarProp</dfn> {
 
   <h3>Cross-origin opener policies</h3>
 
+  <h4>Cross-origin opener policy</h4>
+
   <p>A <dfn>cross-origin opener policy</dfn> allows a document which is navigated to in a
   <span>top-level browsing context</span> to force the creation of a new <span>top-level browsing
-  context</span> and its <span data-x="tlbc group">group</span>. It has one of the following
-  values:</p>
+  context</span> and its <span data-x="tlbc group">group</span>. The
+  <span>cross-origin opener policy</span> consists of:</p>
+
+  <ol>
+   <li><p>A <span data-x="cross-origin opener policy value">cross-origin opener policy value</span>
+   (<dfn data-x="coop-struct-value">value</dfn>), initially "<code data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>A string or <code data-x="">null</code> (<dfn data-x="coop-struct-report-endpoint">reporting
+   endpoint</dfn>), initially <code data-x="">null</code>.</p></li>
+
+   <li><p>A <span data-x="cross-origin opener policy value">cross-origin opener policy value</span>
+   (<dfn data-x="coop-struct-report-only-value">report only value</dfn>), initially "<code
+   data-x="">unsafe-none</code>".</p></li>
+
+   <li><p>A string or <code data-x="">null</code> (<dfn
+   data-x="coop-struct-report-only-endpoint">report only reporting endpoint</dfn>), initially <code
+   data-x="">null</code>.</p></li>
+  </ol>
+
+  <p>The <dfn>cross-origin opener policy value</dfn> consists of the following:</p>
 
   <dl>
    <dt>"<code data-x="">unsafe-none</code>"</dt>
@@ -79837,11 +79874,13 @@ interface <dfn>BarProp</dfn> {
   <var>environment</var>:</p>
 
   <ol>
+   <li><p>Let <var>policy</var> be a new <span>cross-origin opener policy</span>.</p></li>
+
    <li><p>Let <var>securityState</var> be the result of executing <span>Is environment
    settings object a secure context?</span> on <var>environment</var>.</p></li>
 
-   <li><p>If <var>securityState</var> is "<code data-x="">Not Secure</code>", then return "<code
-   data-x="">unsafe-none</code>".</p> </li>
+   <li><p>If <var>securityState</var> is "<code data-x="">Not Secure</code>", then return
+   <var>policy</var>.</p> </li>
 
    <li><p>Let <var>parsedValue</var> be the result of <span
    data-x="concept-response-header-list-get-structured-header">getting a structured header</span>
@@ -79850,33 +79889,96 @@ interface <dfn>BarProp</dfn> {
    data-x="http-cross-origin-opener-policy">Cross-Origin-Opener-Policy</code>` and <var>type</var>
    "<code data-x="">item</code>".</p></li>
 
-   <li><p>If <var>parsedValue</var> is <code data-x="">failure</code> or <code
-   data-x="">null</code>, then return "<code data-x="">unsafe-none</code>".</p></li>
+   <li>
+    <p>If <var>parsedValue</var> is not <code data-x="">failure</code> and is not <code
+    data-x="">null</code>, then:</p>
 
-   <li><p>If <var>parsedValue</var> bare item is not "<code data-x="">same-origin</code>" or "<code
-   data-x="">same-origin-allow-popups</code>", then return "<code
-   data-x="">unsafe-none</code>".</p></li>
+    <ol>
+     <li>
+      <p>If <var>parsedValue</var> bare item is "<code data-x="">same-origin</code>", then:</p>
 
-   <li>
-    <p>If <var>parsedValue</var> bare item is "<code data-x="">same-origin</code>", then:</p>
+      <ol>
+       <li><p>Let <var>coep</var> be the result of <span
+       data-x="obtain-cross-origin-embedder-policy">obtaining a cross-origin embedder
+       policy</span> from <var>response</var>.</p></li>
+
+       <li><p>If <var>coep</var>'s <span data-x="cross-origin-embedder-policy-value">value</span> is
+       "<code data-x="">require-corp</code>", then set <var>policy</var> <span
+       data-x="coop-struct-value">value</span> to "<code
+       data-x="">same-origin-plus-COEP</code>".</p></li>
+
+       <li><p>Else, set <var>policy</var> <span data-x="coop-struct-value">value</span> to "<code
+       data-x="">same-origin</code>".</p></li>
+      </ol>
+     </li>
+
+     <li><p>If <var>parsedValue</var> bare item is "<code data-x="">same-origin-allow-popups</code>",
+     then set <var>policy</var> <span data-x="coop-struct-value">value</span> to "<code
+     data-x="">same-origin-allow-popups</code>".</p></li>
+
+     <li><p>If <var>parsedValue</var>'s parameters["report-to"] <span data-x="map
+     exists">exists</span> and it is a string, then set <span
+     data-x="coop-struct-report-endpoint">reporting endpoint</span> to
+     <var>parsedValue</var>'s parameters["report-to"].</p></li>
+    </ol>
+   </li>
 
+   <li><p>Let <var>parsedReportOnlyValue</var> be the result of <span
+   data-x="concept-response-header-list-get-structured-header">getting a structured header</span>
+   from <var>response</var>'s <span data-x="concept-response-header-list">header list</span> given
+   <var>name</var> `<code
+   data-x="http-cross-origin-opener-policy-report-only">Cross-Origin-Opener-Policy-Report-Only</code>`
+   and <var>type</var> "<code data-x="">item</code>".</p></li>
+
+   <li>
+    <p>If <var>parsedReportOnlyValue</var> is not <code data-x="">failure</code> and is not <code
+    data-x="">null</code>, then:</p>
     <ol>
-     <li><p>Let <var>coep</var> be the result of <span
-     data-x="obtain-cross-origin-embedder-policy">obtaining a cross-origin embedder
-     policy</span> from <var>response</var>.</p></li>
+     <li>
+      <p>If <var>parsedReportOnlyValue</var> bare item is "<code data-x="">same-origin</code>", then:</p>
 
-     <li><p>If <var>coep</var> is "<code data-x="">require-corp</code>", then return "<code
-     data-x="">same-origin-plus-COEP</code>".</p></li>
+      <ol>
+       <li><p>Let <var>coep</var> be the result of <span
+       data-x="obtain-cross-origin-embedder-policy">obtaining a cross-origin embedder
+       policy</span> from <var>response</var>.</p></li>
+
+       <li>
+        <p>If <var>coep</var>'s <span data-x="cross-origin-embedder-policy-value">value</span> is
+        "<code data-x="">require-corp</code>" or <var>coep</var>'s <span
+        data-x="cross-origin-embedder-policy-report-only-value">report only value</span> is "<code
+        data-x="">require-corp</code>", then set <var>policy</var> <span
+        data-x="coop-struct-report-only-value">report only value</span> to "<code
+        data-x="">same-origin-plus-COEP</code>".</p>
+
+        <p class="note">Report only COOP also considers report only COEP to assign the special "<code
+        data-x="">same-origin-plus-coep</code>" value. This allows developers more freedom in the
+        order of deployment of COOP and COEP.</p>
+       </li>
+
+       <li><p>Else, set <var>policy</var> <span data-x="coop-struct-report-only-value">report only
+       value</span> to "<code data-x="">same-origin</code>".</p></li>
+      </ol>
+     </li>
+
+     <li><p>If <var>parsedReportOnlyValue</var> bare item is "<code
+     data-x="">same-origin-allow-popups</code>", then set <var>policy</var> <span
+     data-x="coop-struct-report-only-value">report only value</span> to "<code
+     data-x="">same-origin-allow-popups</code>".</p></li>
+
+     <li><p>If <var>parsedReportOnlyValue</var>'s parameters["report-to"] <span data-x="map
+     exists">exists</span> and it is a string, then set <span
+     data-x="coop-struct-report-only-endpoint">report only reporting endpoint</span> to
+     <var>parsedReportOnlyValue</var>'s parameters["report-to"].</p></li>
     </ol>
    </li>
 
-   <li><p>Return <var>parsedValue</var> bare item.</p></li>
+   <li><p>Return <var>policy</var>.</p></li>
   </ol>
 
-  <p>To <dfn data-x="matching-coop">match cross-origin opener policies</dfn>, given a
-  <span>cross-origin opener policy</span> <var>A</var>, an <span>origin</span> <var>originA</var>, a
-  <span>cross-origin opener policy</span> <var>B</var>, and an <span>origin</span>
-  <var>originB</var>:</p>
+  <p>To <dfn data-x="matching-coop">match cross-origin opener policies</dfn>, given a <span
+  data-x="coop-struct-value">cross-origin opener policy value</span> <var>A</var>, an
+  <span>origin</span> <var>originA</var>, a <span data-x="coop-struct-value">>cross-origin opener
+  policy value</span> <var>B</var>, and an <span>origin</span> <var>originB</var>:</p>
 
   <ol>
    <li><p>If <var>A</var> is "<code data-x="">unsafe-none</code>" and <var>B</var> is "<code
@@ -79891,9 +79993,121 @@ interface <dfn>BarProp</dfn> {
    <li><p>Return false.</p></li>
   </ol>
 
+  <h4>Browsing context group switches</h4>
+
+  <p>To <dfn data-x="check-browsing-context-group-switch-navigation">check if a navigation requires
+  a browsing context group switch</dfn>, given a boolean <var>isInitialEmptyDocument</var>, a
+  <span>sandboxing flag set</span> <var>sandboxFlags</var>, two <span data-x="origin">origins</span>
+  <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>, and two <span
+  data-x="coop-struct-value">cross-origin opener policy values</span>
+  <var>navigationCOOPValue</var>, <var>incumbentCOOPValue</var>:</p>
+
+  <ol>
+   <li><p>If the result of <span data-x="matching-coop">matching</span>
+   <var>incumbentCOOPValue</var>, <var>incumbentNavigationOrigin</var>,
+   <var>navigationCOOPValue</var> and <var>activeDocumentNavigationOrigin</var> is true, return
+   <code data-x="">false</code>.</p></li>
+
+   <li>
+    <p>If all of the following are true:</p>
+
+    <ul>
+     <li><p><var>isInitialEmptyDocument</var>.</p></li>
+
+     <li><p><var>incumbentCOOPValue</var>'s <span data-x="coop-struct-value">value</span> is "<code
+     data-x="">same-origin-allow-popups</code>".</p></li>
+
+     <li><p><var>navigationCOOPValue</var> is "<code data-x="">unsafe-none</code>".</p></li>
+    </ul>
+
+    <p>then return <code data-x="">false</code>.</p>
+   </li>
+
+   <li><p>Return <code data-x="">true</code>.</p>
+  </ol>
+
+  <p>To <dfn data-x="check-bcg-switch-navigation-away-report-only">check if enforcing report only
+  COOP policies would require a browsing context group switch when navigating away from a COOP
+  page</dfn>, given a boolean <var>isInitialEmptyDocument</var>, a <span>sandboxing flag set</span>
+  <var>sandboxFlags</var>, two <span data-x="origin">origins</span>
+  <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>, and three <span
+  data-x="coop-struct-value">cross-origin opener policy values</span>
+  <var>navigationCOOPValue</var>, <var>navigationCOOPReportOnlyValue</var>,
+  <var>incumbentCOOPReportOnlyValue</var>:</p>
+
+  <ol>
+   <li><p>Let <var>browsingContextGroupSwitchNeeded</var> be the result of <span
+   data-x="check-browsing-context-group-switch-navigation">checking if the navigation requires a
+   browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+   <var>sandboxFlags</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>incumbentNavigationOrigin</var>, <var>navigationCOOPValue</var> and
+   <var>incumbentCOOPReportOnlyValue</var>.</p></li>
+
+   <li><p>If <var>browsingContextGroupSwitchNeeded</var> is <code data-x="">false</code>, return
+   <code data-x="">false</code>.</p></li>
+
+   <li>
+    <p>Let <var>browsingContextGroupSwitchNeededReportOnly</var> be the result of <span
+    data-x="check-browsing-context-group-switch-navigation">checking if the navigation requires a
+    browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+    <var>sandboxFlags</var>, <var>activeDocumentNavigationOrigin</var>,
+    <var>incumbentNavigationOrigin</var>, <var>navigationCOOPReportOnlyValue</var> and
+    <var>incumbentCOOPReportOnlyValue</var>.</p>
+
+    <p class="note">Matching report only policies allows a website to specify the same report only
+    Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations
+    between these pages.</p>
+   </li>
+
+   <li><p>If <var>browsingContextGroupSwitchNeededReportOnly</var> is <code data-x="">false</code>,
+   return <code data-x="">false</code>.<p></li>
+
+   <li><p>Return <code data-x="">true</code>.</p></li>
+  </ol>
+
+  <p>To <dfn data-x="check-bcg-switch-navigation-to-report-only">check if enforcing report only
+  COOP policies would require a browsing context group switch when navigating to a COOP
+  page</dfn>, given a boolean <var>isInitialEmptyDocument</var>, a <span>sandboxing flag set</span>
+  <var>sandboxFlags</var>, two <span data-x="origin">origins</span>
+  <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>, and three <span
+  data-x="coop-struct-value">cross-origin opener policy values</span>
+  <var>navigationCOOPReportOnlyValue</var>, <var>incumbentCOOPValue</var>,
+  <var>incumbentCOOPReportOnlyValue</var>:</p>
+
+  <ol>
+   <li><p>Let <var>browsingContextGroupSwitchNeeded</var> be the result of <span
+   data-x="check-browsing-context-group-switch-navigation">checking if the navigation requires a
+   browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+   <var>sandboxFlags</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>incumbentNavigationOrigin</var>, <var>navigationCOOPReportOnlyValue</var> and
+   <var>incumbentCOOPValue</var>.</p></li>
+
+   <li><p>If <var>browsingContextGroupSwitchNeeded</var> is <code data-x="">false</code>, return
+   <code data-x="">false</code>.</p></li>
+
+   <li>
+    <p>Let <var>browsingContextGroupSwitchNeededReportOnly</var> be the result of <span
+    data-x="check-browsing-context-group-switch-navigation">checking if the navigation requires a
+    browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+    <var>sandboxFlags</var>, <var>activeDocumentNavigationOrigin</var>,
+    <var>incumbentNavigationOrigin</var>, <var>navigationCOOPReportOnlyValue</var> and
+    <var>incumbentCOOPReportOnlyValue</var>.</p>
+
+    <p class="note">Matching report only policies allows a website to specify the same report only
+    Cross-Origin-Opener-Policy on all its pages and not receive violation reports for navigations
+    between these pages.</p>
+   </li>
+
+   <li><p>If <var>browsingContextGroupSwitchNeededReportOnly</var> is <code data-x="">false</code>,
+   return <code data-x="">false</code>.</p></li>
+
+   <li><p>Return <code data-x="">true</code>.</p></li>
+  </ol>
+
   <p>To <dfn data-x="obtain-browsing-context-navigation">obtain a browsing context to use for a
-  navigation response</dfn>, given a <span data-x="concept-response">response</span>
-  <var>response</var>, a <span data-x="browsing context">browsing context</span>
+  navigation response</dfn>, given a <span data-x="concept-request">request</span>
+  <var>request</var>, a <span data-x="concept-response">response</span> <var>response</var>, two
+  <span data-x="browsing context">browsing contexts</span> <var>source</var> and
   <var>browsingContext</var>, a <span>sandboxing flag set</span> <var>sandboxFlags</var>, two <span
   data-x="origin">origins</span> <var>activeDocumentNavigationOrigin</var>,
   <var>incumbentNavigationOrigin</var>, and a <span>cross-origin opener policy</span>
@@ -79904,35 +80118,130 @@ interface <dfn>BarProp</dfn> {
    cross-origin opener policy</span> of <var>currentBrowsingContext</var>'s <span>active
    document</span>.</p></li>
 
-   <li><p>If the result of <span data-x="matching-coop">matching</span>
-   <var>incumbentCOOP</var>, <var>incumbentNavigationOrigin</var>,
-   <var>navigationCOOP</var> and <var>activeDocumentNavigationOrigin</var> is true, return
-   <var>browsingContext</var>.</p></li>
+   <li><p>Let <var>isInitialEmptyDocument</var> be <code data-x="">false</code>. If
+   <var>currentBrowsingContext</var>'s only entry in its <span>session history</span> is the
+   <code>about:blank</code> <code>Document</code> that was added when <var>browsingContext</var> was
+   <span data-x="creating a new browsing context">created</span>, set
+   <var>isInitialEmptyDocument</var> to <code data-x="">true</code>.</p></li>
 
    <li>
-    <p>If all of the following are true:</p>
+    <p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-report-only-endpoint">report only
+    reporting endpoint</span> is not <code data-x="">null</code>, then:</p>
 
-    <ul>
-     <li><p><var>currentBrowsingContext</var>'s only entry in its <span>session history</span> is
-     the <code>about:blank</code> <code>Document</code> that was added when
-     <var>browsingContext</var> was <span data-x="creating a new browsing
-     context">created</span>.</p></li>
+    <ol>
+     <li><p>Let <var>browsingContexGroupSwitchNeededReportOnly</var> be the result of <span
+     data-x="check-bcg-switch-navigation-to-report-only">checking if enforcing report only COOP
+     policies would require a browsing context group switch when navigating to a COOP page</span>,
+     given <var>isInitialEmptyDocument</var>, <var>sandboxFlags</var>,
+     <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>,
+     <var>navigationCOOP</var>'s <span data-x="coop-struct-report-only-value">report only
+     value</span>, <var>incumbentCOOP</var>'s <span data-x="coop-struct-value">value</span>, and
+     <var>incumbentCOOP</var>'s <span data-x="coop-struct-report-only-value">report only
+     value</span>.</p></li>
+
+     <li><p>If <var>browsingContexGroupSwitchNeededReportOnly</var> is <code data-x="">true</code>
+     and <var>browsingContext</var>'s <span>browsing context group</span>'s <span>browsing context
+     set</span>'s <span data-x="list size">size</span> is strictly greater than <code
+     data-x="">1</code>, <span data-x="coop-violation-navigat-to">queue a violation report for
+     browsing context group switch when navigating to a COOP page</span> with
+     <var>navigationCOOP</var>'s <span data-x="coop-struct-report-only-endpoint">report only
+     reporting endpoint</span>, <var>navigationCOOP</var>'s <span
+     data-x="coop-struct-report-only-value">report only value</span>, "<code
+     data-x="">reporting</code>", <var>response</var>'s <span
+     data-x="concept-response-URL">URL</span>, <var>browsingContext</var>'s <span>active
+     document</span>'s <span>URL</span>, and <var>request</var>'s <span
+     data-x="concept-request-referrer">referrer</span>.</p></li>
+    </ol>
+   </li>
 
-     <li><p><var>activeDocumentCOOP</var> is "<code
-     data-x="">same-origin-allow-popups</code>".</p></li>
+   <li>
+    <p>If <var>incumbentCOOP</var>'s <span data-x="coop-struct-report-only-endpoint">report only
+    reporting endpoint</span> is not <code data-x="">null</code>, then:</p>
 
-     <li><p><var>navigationCOOP</var> is "<code data-x="">unsafe-none</code>".</p></li>
-    </ul>
+    <ol>
+     <li><p>Let <var>initialNavigationURL</var> be a new empty <span>URL</span>.</p></li>
+
+     <li><p>If <var>source</var> and <var>browsingContext</var> are the same, set
+     <var>initialNavigationURL</var> to <var>request</var>'s <span
+     data-x="concept-request-url">URL</span>.</p></li>
+
+     <li><p>Let <var>browsingContexGroupSwitchNeededReportOnly</var> be the result of <span
+     data-x="check-bcg-switch-navigation-away-report-only">checking if enforcing report only
+     COOP policies would require a browsing context group switch when navigating away from a COOP
+     page</span>, given <var>isInitialEmptyDocument</var>, <var>sandboxFlags</var>,
+     <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>,
+     <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span>,
+     <var>navigationCOOP</var>'s <span data-x="coop-struct-report-only-value">report only
+     value</span>, and <var>incumbentCOOP</var>'s <span
+     data-x="coop-struct-report-only-value">report only value</span>.</p></li>
+
+     <li><p>If <var>browsingContexGroupSwitchNeededReportOnly</var> is <code data-x="">true</code>
+     and <var>browsingContext</var>'s <span>browsing context group</span>'s <span>browsing context
+     set</span>'s <span data-x="list size">size</span> is strictly greater than <code
+     data-x="">1</code>, <span data-x="coop-violation-navigat-from">Queue a violation report for
+     browsing context group switch when navigating away from a COOP page</span> with
+     <var>incumbentCOOP</var>'s <span data-x="coop-struct-report-only-endpoint">report only
+     reporting endpoint</span>, <var>incumbentCOOP</var>'s <span
+     data-x="coop-struct-report-only-value">report only value</span>, "<code
+     data-x="">reporting</code>", <var>response</var>'s <span
+     data-x="concept-response-URL">URL</span>, <var>browsingContext</var>'s <span>active
+     document</span>'s <span>URL</span>, and <var>initialNavigationURL</var>.</p></li>
+    </ol>
+   </li>
+
+   <li><p>Let <var>browsingContextGroupSwitchNeeded</var> be the result of <span
+   data-x="check-browsing-context-group-switch-navigation">checking if the navigation requires a
+   browsing context group switch</span> given <var>isInitialEmptyDocument</var>,
+   <var>sandboxFlags</var>, <var>activeDocumentNavigationOrigin</var>,
+   <var>incumbentNavigationOrigin</var>, <var>navigationCOOP</var>'s <span
+   data-x="coop-struct-value">value</span>, and <var>incumbentCOOP</var>'s
+   <span data-x="coop-struct-value">value</span>.</p></li>
+
+   <li><p>If <var>browsingContextGroupSwitchNeeded</var> is false, return
+   <var>browsingContext</var>.</p></li>
 
-    <p>then return <var>browsingContext</var>.</p>
+   <li><p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-report-endpoint">reporting
+   endpoint</span> is not <code data-x="">null</code>, and <var>browsingContext</var>'s
+   <span>browsing context group</span>'s <span>browsing context set</span>'s <span data-x="list
+   size">size</span> is strictly greater than <code data-x="">1</code>, <span
+   data-x="coop-violation-navigat-to">queue a violation report for browsing context group switch
+   when navigating to a COOP page</span> with <var>navigationCOOP</var>'s <span
+   data-x="coop-struct-report-endpoint">reporting endpoint</span>, <var>navigationCOOP</var>'s <span
+   data-x="coop-struct-value">value</span>, "<code data-x="">enforce</code>", <var>response</var>'s
+   <span data-x="concept-response-URL">URL</span>, <var>browsingContext</var>'s <span>active
+   document</span>'s <span>URL</span>, and <var>request</var>'s <span
+   data-x="concept-request-referrer">referrer</span>.</p></li>
+
+   <li>
+    <p>If <var>incumbentCOOP</var>'s <span data-x="coop-struct-report-endpoint">reporting
+    endpoint</span> is not <code data-x="">null</code>, and <var>browsingContext</var>'s
+    <span>browsing context group</span>'s <span>browsing context set</span>'s
+    <span data-x="list size">size</span> is strictly greater than <code data-x="">1</code>,
+    then:</p>
+
+    <ol>
+     <li><p>Let <var>initialNavigationURL</var> be a new empty <span>URL</span>.</p></li>
+
+     <li><p>If <var>source</var> and <var>browsingContext</var> are the same, set
+     <var>initialNavigationURL</var> to <var>request</var>'s <span
+     data-x="concept-request-url">URL</span>.</p></li>
+
+     <li><p><span data-x="coop-violation-navigat-from">Queue a violation report for browsing context
+     group switch when navigating away from a COOP page</span> with <var>incumbentCOOP</var>'s <span
+     data-x="coop-struct-report-endpoint">reporting endpoint</span>, <var>incumbentCOOP</var>'s
+     <span data-x="coop-struct-value">value</span>, "<code data-x="">enforce</code>",
+     <var>response</var>'s <span data-x="concept-response-URL">URL</span>,
+     <var>browsingContext</var>'s <span>active document</span>'s <span>URL</span>, and
+     <var>initialNavigationURL</var>.</p></li>
+    </ol>
    </li>
 
    <li><p>Let <var>newBrowsingContextGroup</var> be the result of <span>creating a new
    browsing context group</span>.</p></li>
 
-   <li><p>If <var>navigationCOOP</var> is "<code data-x="">same-origin-plus-COEP</code>", then set
-   <var>newBrowsingContextGroup</var> <span data-x="bcg cross-origin isolated">cross-origin
-   isolated</span> to true.</p></li>
+   <li><p>If <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is "<code
+   data-x="">same-origin-plus-COEP</code>", then set <var>newBrowsingContextGroup</var> <span
+   data-x="bcg cross-origin isolated">cross-origin isolated</span> to true.</p></li>
 
    <li><p>Let <var>newBrowsingContext</var> be the result of <span data-x="creating a new browsing
    context">creating a new browsingContext</span> in <var>newBrowsingContextGroup</var>.</p></li>
@@ -79940,7 +80249,8 @@ interface <dfn>BarProp</dfn> {
    <li>
     <p>If <var>sandboxFlags</var> is not empty, then:</p>
     <ol>
-     <li><p>Assert <var>navigationCOOP</var> is "<code data-x="">unsafe-none</code>".</p></li>
+     <li><p>Assert <var>navigationCOOP</var>'s <span data-x="coop-struct-value">value</span> is
+     "<code data-x="">unsafe-none</code>".</p></li>
 
      <li><p>Set <var>newBrowsingContext</var>'s <span>sandboxing flag set</span> to
      <var>sandboxFlags</var>.</p></li>
@@ -79963,6 +80273,90 @@ interface <dfn>BarProp</dfn> {
   defined. It is currently under discussion in <a
   href="https://github.com/whatwg/html/issues/5350">issue 5350</a>.</p>
 
+  <h4>Reporting policies</h4>
+
+  <p>To <dfn data-x="coop-violation-navigat-to">queue a violation report for browsing context group
+  switch when navigating to a COOP page</dfn> given a string <var>endpoint</var>, a <span
+  data-x="cross-origin opener policy value">cross-origin opener policy value</span>
+  <var>COOPValue</var>, a string <var>disposition</var>, a <span>URL</span>
+  <var>navigationURL</var>, a <span>URL</span> <var>currentDocumentURL</var>, and a
+  <span data-x="concept-request-referrer">referrer</span> <var>referrer</var>:<p>
+
+  <ol>
+   <li><p>Let <var>previousDocumentURL</var> be <var>referrer</var>.</p></li>
+
+   <li><p>If <var>currentDocumentURL</var> and <var>navigationURL</var> are
+   <span>same origin</span>, set <var>previousDocumentURL</var> to
+   <var>currentDocumentURL</var>.</p></li>
+
+   <li><p>Set <var>previousDocumentURL</var>'s <span data-x="concept-url-username">username</span>
+   to the empty string, and its <span data-x="concept-url-password">password</span> to <code
+   data-x="">null</code>.</p></li>
+
+   <li><p>Let <var>serializedPreviousDocumentURL</var> be the result of executing the <span
+   data-x="concept-url-serializer">URL serializer</span> on <var>previousDocumentURL</var> with the
+   <var>exclude fragment flag</var> set.</p></li>
+
+   <li>
+    <p>Let <var>body</var> be a new object containing the following properties with keys:</p>
+
+    <ul>
+     <li><p>key: "<code data-x="">disposition</code>", value: <var>disposition</var>.</p></li>
+
+     <li><p>key: "<code data-x="">effective-policy</code>", value: <var>COOPValue</var>.</p></li>
+
+     <li><p>key: "<code data-x="">navigation-uri</code>", value:
+     <var>serializedPreviousDocumentURL</var>.</p></li>
+
+     <li><p>key: "<code data-x="">violation-type</code>", value: "<code
+     data-x="">navigate-to-document</code>".</p></li>
+    </ul>
+   </li>
+
+   <li><p><span data-x="queue-report">Queue</span> <var>body</var> as "<code data-x="">coop</code>"
+   for <var>endpoint</var> with <var>navigationURL</var>.</p></li>
+  </ol>
+
+  <p>To <dfn data-x="coop-violation-navigat-from">queue a violation report for browsing context group
+  switch when navigating away from a COOP page</dfn> given a string <var>endpoint</var>, a
+  <span>cross-origin opener policy value</span> <var>COOPValue</var>, a string
+  <var>disposition</var>, a <span>URL</span> <var>navigationURL</var>, a <span>URL</span>
+  <var>currentDocumentURL</var>, and a <span>URL</span> <var>initialNavigationURL</var>:<p>
+
+  <ol>
+   <li><p>Let <var>nextDocumentURL</var> be <var>initialNavigationURL</var>.</p></li>
+
+   <li><p>If <var>currentDocumentURL</var> and <var>navigationURL</var> are
+   <span>same origin</span>, set <var>nextDocumentURL</var> to
+   <var>navigationURL</var>.</p></li>
+
+   <li><p>Set <var>nextDocumentURL</var>'s <span data-x="concept-url-username">username</span> to
+   the empty string, and its <span data-x="concept-url-password">password</span> to <code
+   data-x="">null</code>.</p></li>
+
+   <li><p>Let <var>serializedNextDocumentURL</var> be the result of executing the <span
+   data-x="concept-url-serializer">URL serializer</span> on <var>nextDocumentURL</var> with the
+   <var>exclude fragment flag</var> set.</p></li>
+
+   <li>
+    <p>Let <var>body</var> be a new object containing the following properties with keys:</p>
+
+    <ul>
+     <li><p>key: "<code data-x="">disposition</code>", value: <var>disposition</var>.</p></li>
+
+     <li><p>key: "<code data-x="">effective-policy</code>", value: <var>COOPValue</var>.</p></li>
+
+     <li><p>key: "<code data-x="">navigation-uri</code>", value:
+     <var>serializedNextDocumentURL</var>.</p></li>
+
+     <li><p>key: "<code data-x="">violation-type</code>", value: "<code
+     data-x="">navigate-from-document</code>".</p></li>
+    </ul>
+   </li>
+
+   <li><p><span data-x="queue-report">Queue</span> <var>body</var> as "<code data-x="">coop</code>"
+   for <var>endpoint</var> with <var>currentDocumentURL</var>.</p></li>
+  </ol>
 
 
   <h3 split-filename="history" id="history">Session history and navigation</h3>
@@ -82075,15 +82469,15 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
     <dl class="switch">
      <dt>an <span>HTML MIME type</span></dt>
      <dd>Follow the steps given in the <span data-x="navigate-html">HTML document</span> section
-     providing <var>browsingContext</var>, <var>request</var>, <var>response</var>,
-     <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+     providing <var>source</var>, <var>browsingContext</var>, <var>request</var>,
+     <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
      <var>activeDocumentNavigationOrigin</var>. Once the steps have completed, return.</dd>
 
      <dt>an <span>XML MIME type</span> that is not an <span>explicitly supported XML MIME
      type</span></dt>
      <dd>Follow the steps given in the <span data-x="navigate-xml">XML document</span> section
-     providing <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
      <var>activeDocumentNavigationOrigin</var>. Once the steps have completed, return.</dd>
 
      <dt>a <span>JavaScript MIME type</span></dt>
@@ -82094,28 +82488,28 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
      <dt>"<code>text/plain</code>"</dt>
      <dt>"<code>text/vtt</code>"</dt>
      <dd>Follow the steps given in the <span data-x="navigate-text">plain text file</span> section
-     providing <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
      <var>activeDocumentNavigationOrigin</var>. Once the steps have completed, return.</dd>
 
      <dt>"<code>multipart/x-mixed-replace</code>"</dt>
      <dd>Follow the steps given in the <span
      data-x="navigate-multipart-x-mixed-replace">multipart/x-mixed-replace</span> section providing
-     <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+     <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
      <var>activeDocumentNavigationOrigin</var>. Once the steps have completed, return.</dd>
 
      <dt>A supported image, video, or audio type</dt>
      <dd>Follow the steps given in the <span data-x="navigate-media">media</span> section providing
-     <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+     <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
      <var>activeDocumentNavigationOrigin</var>. Once the steps have completed, return.</dd>
 
      <dt>A type that will use an external application to render the content in
      <var>browsingContext</var></dt>
      <dd>Follow the steps given in the <span data-x="navigate-plugin">plugin</span> section
-     providing <var>browsingContext</var>, <var>type</var>, <var>request</var>, <var>response</var>,
-     <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+     providing <var>source</var>, <var>browsingContext</var>, <var>type</var>, <var>request</var>,
+     <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
      <var>activeDocumentNavigationOrigin</var>. Once the steps have completed, return.</dd>
     </dl>
 
@@ -82286,9 +82680,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
   given a <span data-x="concept-document-type">type</span> <var>type</var>, <span
   data-x="concept-document-content-type">content type</span> <var>contentType</var>, a <span
   data-x="concept-request">request</span> <var>request</var>, a <span
-  data-x="concept-response">response</span> <var>response</var>, a <span data-x="browsing
-  context">browsing context</span> <var>browsingContext</var>, a <span>sandboxing flag set</span>
-  <var>sandboxFlags</var>, two <span data-x="origin">origins</span>
+  data-x="concept-response">response</span> <var>response</var>, two <span data-x="browsing
+  context">browsing contexts</span> <var>source</var>, <var>browsingContext</var>, a
+  <span>sandboxing flag set</span> <var>sandboxFlags</var>, two <span data-x="origin">origins</span>
   <var>incumbentNavigationOrigin</var>, <var>activeDocumentNavigationOrigin</var>, and an optional
   <span>environment</span> <var>reservedEnvironment</var>:</p>
 
@@ -82346,9 +82740,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
 
      <li><p>Let <var>newBrowsingContext</var> be the value of <span
      data-x="obtain-browsing-context-navigation">obtaining a browsing context for the navigation
-     response</span> given <var>response</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
-     <var>activeDocumentNavigationOrigin</var>, <var>incumbentNavigationOrigin</var>, and
-     <var>navigationCOOP</var>.</p></li>
+     response</span> given <var>request</var>, <var>response</var>, <var>source</var>,
+     <var>browsingContext</var>, <var>sandboxFlags</var>, <var>activeDocumentNavigationOrigin</var>,
+     <var>incumbentNavigationOrigin</var>, and <var>navigationCOOP</var>.</p></li>
 
      <li><p>Let <var>browsingContextSwitch</var> be false.</p></li>
 
@@ -82608,8 +83002,8 @@ new PaymentRequest(&hellip;); // Allowed to use
   <h4 id="read-html">Page load processing model for HTML files</h4>
 
   <p>When <dfn data-x="navigate-html">an HTML document is to be loaded</dfn> in a <span>browsing
-  context</span>, provided <var>browsingContext</var>, <var>request</var>, <var>response</var>,
-  <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+  context</span>, provided <var>source</var>, <var>browsingContext</var>, <var>request</var>,
+  <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
   <var>activeDocumentNavigationOrigin</var>, the user agent must <span>queue a task</span> on the
   <span>networking task source</span> to:</p>
 
@@ -82617,8 +83011,9 @@ new PaymentRequest(&hellip;); // Allowed to use
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initializing a <code>Document</code>
    object</span> providing "<code data-x="">html</code>", "<code data-x="">text/html</code>",
-   <var>request</var>, <var>response</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
-   <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>
+   <var>request</var>, <var>response</var>, <var>source</var>, <var>browsingContext</var>,
+   <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+   <var>activeDocumentNavigationOrigin</var>.</p></li>
 
    <li>
     <p>Create an <span>HTML parser</span> and associate it with the <var>document</var>.  Each
@@ -82651,16 +83046,17 @@ new PaymentRequest(&hellip;); // Allowed to use
 
   <h4 id="read-xml"><dfn data-x="navigate-xml">Page load processing model for XML files</dfn></h4>
 
-  <p>When faced with displaying an XML file inline, provided <var>browsingContext</var>,
-  <var>request</var>, <var>response</var>, <var>sandboxFlags</var>,
+  <p>When faced with displaying an XML file inline, provided <var>source</var>,
+  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>sandboxFlags</var>,
   <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>, user agents
   must follow the requirements defined in <cite>XML</cite> and <cite>Namespaces in XML</cite>,
   <cite>XML Media Types</cite>, <cite>DOM</cite>, and other relevant specifications to <span
   data-x="create-the-document-object">create and initialize a <code>Document</code> object</span>
   providing "<code data-x="">xml</code>", <var>type</var>, <var>request</var>, <var>response</var>,
-  <var>browsingContext</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
-  <var>activeDocumentNavigationOrigin</var>. It must also create and a corresponding <span>XML
-  parser</span>. <ref spec=XML> <ref spec=XMLNS> <ref spec=RFC7303> <ref spec=DOM></p>
+  <var>source</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
+  <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>. It must also
+  create and a corresponding <span>XML parser</span>. <ref spec=XML> <ref spec=XMLNS> <ref
+  spec=RFC7303> <ref spec=DOM></p>
 
   <p class="note">At the time of writing, the XML specification community had not actually yet
   specified how XML and the DOM interact.</p> <!--XMLPARSE-->
@@ -82705,15 +83101,16 @@ new PaymentRequest(&hellip;); // Allowed to use
   <h4 id="read-text"><dfn data-x="navigate-text">Page load processing model for text files</dfn></h4>
 
   <p>When a plain text document is to be loaded in a <span>browsing context</span>, provided
-  <var>browsingContext</var>, <var>request</var>, <var>response</var>, <var>sandboxFlags</var>,
-  <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>, the user
-  agent must <span>queue a task</span> on the <span>networking task source</span> to:
+  <var>source</var>, <var>browsingContext</var>, <var>request</var>, <var>response</var>,
+  <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
+  <var>activeDocumentNavigationOrigin</var>, the user agent must <span>queue a task</span> on the
+  <span>networking task source</span> to:
 
   <ol>
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initialize a <code>Document</code> object</span>
    providing "<code data-x="">html</code>", <var>type</var>, <var>request</var>,
-   <var>response</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
+   <var>response</var>, <var>source</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
    <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>
 
    <li><p>Create an <span>HTML parser</span> and associate it with the <var>document</var>. Act as
@@ -82782,7 +83179,7 @@ new PaymentRequest(&hellip;); // Allowed to use
   <h4 id="read-media"><dfn data-x="navigate-media">Page load processing model for media</dfn></h4>
 
   <p>When an image, video, or audio resource is to be loaded in a <span>browsing context</span>,
-  provided <var>browsingContext</var>, <var>request</var>, <var>response</var>,
+  provided <var>source</var>, <var>browsingContext</var>, <var>request</var>, <var>response</var>,
   <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
   <var>activeDocumentNavigationOrigin</var>, the user agent should:
 
@@ -82790,7 +83187,7 @@ new PaymentRequest(&hellip;); // Allowed to use
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initialize a <code>Document</code> object</span>
    providing "<code data-x="">html</code>", <var>type</var>, <var>request</var>,
-   <var>response</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
+   <var>response</var>, <var>source</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
    <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>
 
    <li><p>Append an <code>html</code> element to <var>document</var>.</p></li>
@@ -82848,15 +83245,16 @@ new PaymentRequest(&hellip;); // Allowed to use
   <h4 id="read-plugin"><dfn data-x="navigate-plugin">Page load processing model for content that uses plugins</dfn></h4>
 
   <p>When a resource that requires an external resource to be rendered is to be loaded in a
-  <span>browsing context</span>, provided <var>browsingContext</var>, <var>request</var>,
-  <var>response</var>, <var>sandboxFlags</var>, <var>incumbentNavigationOrigin</var>, and
-  <var>activeDocumentNavigationOrigin</var>, the user agent should:
+  <span>browsing context</span>, provided <var>source</var>, <var>browsingContext</var>,
+  <var>request</var>, <var>response</var>, <var>sandboxFlags</var>,
+  <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>, the user
+  agent should:</p>
 
   <ol>
    <li><p>Let <var>document</var> be the result of <span
    data-x="create-the-document-object">creating and initialize a <code>Document</code> object</span>
    providing "<code data-x="">html</code>", <var>type</var>, <var>request</var>,
-   <var>response</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
+   <var>response</var>, <var>source</var>, <var>browsingContext</var>, <var>sandboxFlags</var>,
    <var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>
 
    <li><p>Mark <var>document</var> as being a <dfn>plugin document</dfn></p></li>
@@ -82905,10 +83303,10 @@ new PaymentRequest(&hellip;); // Allowed to use
   <p>When the user agent is to display a user agent page inline in a <span>browsing context</span>,
   the user agent should <span data-x="create-the-document-object">create and initialize a
   <code>Document</code> object</span> providing "<code data-x="">html</code>", "<code
-  data-x="">text/html</code>", null, null, <var>browsingContext</var>, an empty set, null, and null,
-  and then either associate that <code>Document</code> with a custom rendering that is not rendered
-  using the normal <code>Document</code> rendering rules, or mutate that <code>Document</code> until
-  it represents the content the user agent wants to render.</p>
+  data-x="">text/html</code>", null, null, null, <var>browsingContext</var>, an empty set, null, and
+  null, and then either associate that <code>Document</code> with a custom rendering that is not
+  rendered using the normal <code>Document</code> rendering rules, or mutate that
+  <code>Document</code> until it represents the content the user agent wants to render.</p>
 
   <!-- next two paragraphs are similar to the navigate-text section, keep them in sync -->
 
@@ -116034,7 +116432,8 @@ interface <dfn>External</dfn> {
 
   <p>Valid <code data-x="">Cross-Origin-Opener-Policy</code> values include "<code
   data-x="">unsafe-none</code>", "<code data-x="">same-origin-allow-popups</code>" and "<code
-  data-x="">same-origin</code>".</p>
+  data-x="">same-origin</code>". These values may have a parameter specifying a string which
+  represents the endpoint for violation reporting.</p>
 
   <p>In order to support forward-compatibility with as-yet-unknown request types, user agents MUST
   ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if
@@ -116059,6 +116458,48 @@ interface <dfn>External</dfn> {
 
 
 
+  <h3>`<dfn><code
+  data-x="http-cross-origin-opener-policy-report-only">Cross-Origin-Opener-Policy-Report-Only</code></dfn>`</h3>
+
+  <p>This section describes a header for registration in the Permanent Message Header Field
+  Registry. <ref spec=RFC3864></p>
+
+  <p>The <code
+  data-x="http-cross-origin-opener-policy-report-only">Cross-Origin-Opener-Policy-Report-Only</code>
+  HTTP response header field allows a server to declare an opener policy for a given document. It is
+  a <span data-x="http-structured-header">Structured Header</span> whose value MUST be a <span
+  data-x="http-structured-header-token">token</span>. Its ABNF is:</p>
+
+  <p><code data-x="">Cross-Origin-Opener-Policy-Report-Only = sh-item</code></p>
+
+  <p>Valid <code data-x="">Cross-Origin-Opener-Policy-Report-Only</code> values include "<code
+  data-x="">unsafe-none</code>", "<code data-x="">same-origin-allow-popups</code>" and "<code
+  data-x="">same-origin</code>". These values may have a parameter specifying a string which
+  represents the endpoint for violation reporting.</p>
+
+  <p>In order to support forward-compatibility with as-yet-unknown request types, user agents MUST
+  ignore this header if it contains an invalid value. Likewise, user agents MUST ignore this header if
+  the value cannot be parsed as a <code data-x="">sh-token</code>.</p>
+
+  <dl>
+   <dt>Header field name:</dt>
+   <dd>Cross-Origin-Opener-Policy-Report-Only</dd>
+   <dt>Applicable protocol:</dt>
+   <dd>http</dd>
+   <dt>Status:</dt>
+   <dd>standard</dd>
+   <dt>Author/Change controller:</dt>
+   <dd>WHATWG</dd>
+   <dt>Specification document(s):</dt>
+   <dd>
+    This document is the relevant specification.
+   </dd>
+   <dt>Related information:</dt>
+   <dd>None.</dd>
+  </dl>
+
+
+
   <h2 split-filename="indices" id="index" class="no-num">Index</h2>
 
   <div w-nodev>
@@ -120899,6 +121340,9 @@ INSERT INTERFACES HERE
    <dt id="refsREFERRERPOLICY">[REFERRERPOLICY]</dt>
    <dd><cite><a href="https://w3c.github.io/webappsec-referrer-policy/">Referrer Policy</a></cite>, J. Eisinger, E. Stark. W3C.</dd>
 
+   <dt id="refsREPORTING">[REPORTING]</dt>
+   <dd><cite><a href="https://w3c.github.io/reporting/">Reporting</a></cite>, D. Creager, I. Clelland, M. West, I. Grigorik, P. Meyer. W3C.</dd>
+
    <dt id="refsREQUESTIDLECALLBACK">[REQUESTIDLECALLBACK]</dt>
    <dd><cite><a href="https://w3c.github.io/requestidlecallback/">Cooperative Scheduling of Background Tasks</a></cite>, R. McIlroy, I. Grigorik. W3C.</dd>