network error logging and Cloudflare's report-to header

If you have used or accessed a site using Cloudflare, you may have seen the report-to and nel headers in the site's HTTP responses:

What are these headers for and what do the values mean?

what is network error logging?

Network Error Logging (NEL) is a mechanism for websites to receive reports about failed and successful network requests from browsers. For example, if a connection to a website takes too long, then the browser can send a report with the accessed URL under the reason tcp.timed_out. This helps website owners understand why users might be unable to access their site.

Websites opt-in to Network Error Logging by including two headers with JSON values in the response to a user. The first is the report-to header which looks like this:

{
  "group": "cf-nel",
  "max_age": 604800,
  "endpoints": [{
    "url": "https:\/\/a.nel.cloudflare.com\/report\/v3?s=..."
  }]
}

The endpoints field contains a list of URLs¹1. It's unclear why Cloudflare escapes the forward slashes in the URL. Forward slashes don't have to be escaped in JSON but they can be. that the browser will send reports to. If more than one URL is provided, the browser will try each one until one succeeds. The group field assigns a name to this particular list of endpoints. Finally, the max_age field sets how long this reporting group should be valid for in seconds.

Multiple reporting groups can be defined by including multiple report-to headers. The report-to header is not specific to Network Error Logging.

The second header is the nel header which looks like this:

{
  "report_to": "cf-nel",
  "max_age": 604800,
  "success_fraction": 0
}

The report_to field specifies the name of the reporting group to use for Network Error Logging. The max_age field sets how long network requests should be reported for in seconds. The success_fraction field is a float that specifies the proportion of successful network requests to report. 0 means that successful network requests will never be reported. There are more options that can be configured for Network Error Logging.

Note that the current implementation of Network Error Logging, which only Chromium based browsers support at the moment, is still a draft. You can view the specification for Network Error Logging on W3C's GitHub page. There is already a new specification for browser reporting that does not include support for Network Error Logging.

what Cloudflare uses network error logging for

Cloudflare explains what they use Network Error Logging for on their support page:

Network Error Logging can be used to help triage end-user connectivity issues that our customers’ end users experience. [...] Having the location/ASN data allows engineers to root cause external provider issues and rule out Cloudflare as a root cause.

So Cloudflare uses Network Error Logging to help determine if network errors from users are caused by their network or not.

Cloudflare's developer documentation states that the reports can be accessed on the Cloudflare dashboard under "Origin Reachability" but that section does not seem to exist. The support page also states that "NEL metrics are not currently available on the Cloudflare dashboard."

There is an option for toggling Network Error Logging on the dashboard:

However, even with this option disabled, Cloudflare still sends the report-to and nel headers to the browser. As mentioned on the support page, the best way to have these headers omitted is to email Cloudflare support.