CSP Reports

Starting from the 2.3.5 version and later, Magento enhanced its security measures to protect websites from Cross Site Scripting (XSS) and related attacks, including card skimmers, clickjacking, and more. By configuring CSP headers, merchants can whitelist only reliable domains and prevent browsers from loading content from harmful resources.

CSP Module for Magento 2 is a must-have tool for store administrators that helps monitor Content Security Policy violations and improve website security. With detailed reports and admin notifications for each potential violation, admins can get more granular control of the resources the browser is allowed to load. Therefore, they can prevent data injection attacks and provide a secure browsing experience for store visitors.

• Manage Magento 2 CSP modes directly from the admin panel, eliminating manual coding
• Collect CSP violations in a comprehensive grid
• Clean up Magento 2 CSP reports from resolved issues to keep them informative
• Get admin notifications for each potential policy violation

Key Features

Manage CSP Modes from the Admin Panel

Effortlessly switch between “Report Only” and “Restrict” CSP modes separately for administrator and storefront areas. Being able to change modes directly from the admin panel, the need for manual code changes is completely eliminated. Customize settings when fine-tuning your Magento 2 Content Security Policy if you want to restrict browsers from loading non-whitelisted resources or report them only, not taking any actions.

Advanced CSP Reports Grid

Benefit from a comprehensive Magento 2 Content Security Policy grid which gathers all potential policy violations, allowing you to have a unified view and fine-tune your white-listed resources more effectively. The grid offers detailed information about the resources that were restricted from loading, including the time of occurrence, page, host, and directive, providing you with valuable insights.

Additionally, you can maintain your Magento 2 CSP reports organized, structured, and neat by automatically removing issues that haven’t been reported for a specified period. 

Admin Notifications for New CSP Reports

Magento 2 CSP module includes admin notifications about new policy violations. By staying up to date, admins can take appropriate actions to fine-tune Content Security Policy and avoid security vulnerabilities.

Plumrocket Support

All Plumrocket Extensions for Magento include free technical support within the first 3 months of product ownership for Magento Open Source Edition (CE) and 6 months of product ownership for Magento Commerce Edition (EE, ECE).

You can contact our technical support on the contact us page.

Live Demo

Back-End Demo

Documentation

Check out the CSP Reports extension documentation: learn how to install, update, and configure the extension, as well as discover other useful guides.