[PerformanceControlOfEmbeddedContent] Further details for the embedee experience

[edhgoose]

Hi,

I run a web platform where the majority of our content is embedded into our clients.

I would love to understand more about the experience for us (the embedee).

Would we be able to be notified when the site embedding our content has taken an action? What would the mechanism for this look like?

What information might we get about where the violation had occurred? For instance, a client might have our content on multiple pages and I could imagine cases where the content triggers a violation on certain pages but not others. (Is that assumption correct?) Would we be able to see the page and anything else about the context the page the content is embedded in?

I'll have a think about other cases - but we'd certainly be interested in understanding how we make sure we're doing well.

Thanks Ed

[lflores-ms]

Hi @edhgoose, thanks for your feedback.

The embeddee is notified of violations through Reporting API. The Document Policy explainer doesn't specify the report object, but the Chromium implementation currently includes message, disposition and resource url. I think fields from other report types are feasible, like referrer, but this is something we need to clarify with Document Policy.

If the report was to include a referrer-like field for the context where the document is embedded, would this provide enough information to you?

[edhgoose]

If the report was to include a referrer-like field for the context where the document is embedded, would this provide enough information to you?

I think so - yes. Ideally the full URL rather than just the host and protocol as we often see with the referer header.