Trader Information
Back to topOverview
Back to topMagento introduced the Content Security Policies (CSP) tool to provide protection against Cross-Site Scripting (XSS) and similar attacks. This crucial means should not be ignored by merchants or, even worse, disabled/uninstalled because it is meant to protect customers from card skimmers, session hijacking, clickjacking, etc.
As it usually goes, the new built-in tool brings new headaches and challenges to those who manage and maintain e-commerce shops.
The built-in CSP whitelist doesn't includes various external resources used throughout their websites: YouTube/Vimeo, external images, CDN, Live Chats, social network connectors, metrics, and services. Depending on the security mode deployed, these resources either can't operate as intended or result in numerous errors in the browser console.
This extension is built to help you maintain the CSP whitelist by providing means add new content security mode from within the Magento admin panel.
Features
- Provides a quick and structured way to add new domains to Magento’s CSP whitelist with the correct directive and policy type
- Supports third-party scripts, stylesheets, images, fonts, iframes, media, and connect sources blocked by Magento CSP.
- Resolves CSP errors related to blocked inline scripts by enabling nonce- and hash-based script execution, fully aligned with Magento’s CSP standards.
- Fixes checkout and frontend issues caused by inline JavaScript being blocked under
script-srcdirectives. - Helps eliminate common browser console errors such as : a) Inline script execution being refused due to missing nonce or hash b) Third-party checkout, payment, or analytics scripts failing silently
- Provides multiple policy options to control how and where external resources are allowed.
- One-click configuration from the Magento Admin—no core overrides required
- Fully compatible with Magento’s CSP modes
Technical Specifications
Back to topSeller profile
Seller contact
Current Version
1.0.7
Adobe Commerce platform compatibility
Magento Open Source: 2.4 (current)
Type
Stable Build
Updated
01 January, 2026
Categories
Extensions, Content & Customizations
Quality Report
Back to topAll tests were conducted on the latest versions of Adobe Commerce that existed for the compatible release lines at the moment of the extension submission. Latest versions of all other software were used, as applicable.
Release Notes
Back to top1.0.7:
- Compatible with Magento Open Source : 2.4
- Stability: Stable Build
-
Description:
Fixed the CSP error on the checkout page.
1.0.6:
- Compatible with Magento Open Source : 2.4
- Stability: Stable Build
-
Description:
Compatible with php 8.3.
1.0.5:
- Compatible with Magento Open Source : 2.4
- Stability: Stable Build
-
Description:
Compatible with Open Source (CE) : 2.3 2.4
Stability: Stable Build
Support
Back to topThe best place to start if you need help with a specific extension is to contact the developer. All Adobe Commerce developers have both a contact email and a support email listed.
Contact Vendor