plugin-icon

CSP Violation Reporter

De Guilherme Dumas Peres·
Collect Content Security Policy violation reports through a WordPress REST endpoint and review them in the admin dashboard.
content security policy
csp
reporting
Valoraciones
Añadir una valoración
Versión
0.1.1
Última actualización
May 28, 2026

CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table.

Reports can be reviewed from Tools > CSP Violations. The plugin supports the modern Reporting API payload format as well as the older csp-report JSON shape.

Endpoint:

/wp-json/csp-violation-reporter/v1/report

The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.

Example report endpoint configuration:

Content-Security-Policy: default-src 'self'; report-uri https://example.com/wp-json/csp-violation-reporter/v1/report

For the modern Reporting API, use an HTTPS endpoint:

Reporting-Endpoints: csp-endpoint="https://example.com/wp-json/csp-violation-reporter/v1/report" Content-Security-Policy: default-src 'self'; report-to csp-endpoint

Privacy

This plugin stores CSP violation reports submitted by browsers. Stored fields can include the document URL, referrer URL, blocked URI, violated directive, source file, line and column numbers, a user agent string, a salted hash of the remote address, and the raw report payload.

The plugin does not store raw IP addresses and does not transmit report data to external services.

Gratisen planes de pago
Comenzar
Al instalarlo, aceptas las condiciones del servicio de WordPress.com y las condiciones de los plugins de terceros.
Probado hasta
WordPress 7.0
Te puedes descargar este plugin para utilizarlo en tu sitio de .
Descargar