plugin-icon

CSP Violation Reporter

Von Guilherme Dumas Peres·
Collect Content Security Policy violation reports through a WordPress REST endpoint and review them in the admin dashboard.
content security policy
csp
reporting
Bewertungen
Füge deine Bewertung hinzu
Version
0.1.1
Zuletzt aktualisiert
May 28, 2026

CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table.

Reports can be reviewed from Tools > CSP Violations. The plugin supports the modern Reporting API payload format as well as the older csp-report JSON shape.

Endpoint:

/wp-json/csp-violation-reporter/v1/report

The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.

Example report endpoint configuration:

Content-Security-Policy: default-src 'self'; report-uri https://example.com/wp-json/csp-violation-reporter/v1/report

For the modern Reporting API, use an HTTPS endpoint:

Reporting-Endpoints: csp-endpoint="https://example.com/wp-json/csp-violation-reporter/v1/report" Content-Security-Policy: default-src 'self'; report-to csp-endpoint

Privacy

This plugin stores CSP violation reports submitted by browsers. Stored fields can include the document URL, referrer URL, blocked URI, violated directive, source file, line and column numbers, a user agent string, a salted hash of the remote address, and the raw report payload.

The plugin does not store raw IP addresses and does not transmit report data to external services.

Kostenlosmit kostenpflichtigen Tarifen
Jetzt starten
Mit deiner Installation stimmst du den Geschäftsbedingungen von WordPress.com sowie den Bedingungen für Drittanbieter-Plugins zu.
Getestet bis
WordPress 7.0
Dieses Plugin steht für deine -Website zum Download zur Verfügung.
Herunterladen