Hello,

I was conducting DAST tests, which returned me the following message: "The report-uri directive has been deprecated in favor of the new report-to directive."
Do you have plans to introduce support for the "report-to" directive? Because currently, I don't see such a parameter for configuration.

No plans, but PRs welcome, as resources to maintain this bundle are very limited.

Is there interest from the bundle maintainers to also support the Reporting API Reporting-Endpoints header? While not technically a security header, it is supported for reporting by a number of other security headers (CSP, COOP, COEP, Document Policy, ...). The header is just a list of named endpoints.