plugin-icon

CSP Violation Reporter

Par Guilherme Dumas Peres·
Collect Content Security Policy violation reports through a WordPress REST endpoint and review them in the admin dashboard.
content security policy
csp
reporting
Évaluations
Ajouter un Avis
Version
0.1.1
Mis à jour récemment
May 28, 2026

CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table.

Reports can be reviewed from Tools > CSP Violations. The plugin supports the modern Reporting API payload format as well as the older csp-report JSON shape.

Endpoint:

/wp-json/csp-violation-reporter/v1/report

The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.

Example report endpoint configuration:

Content-Security-Policy: default-src 'self'; report-uri https://example.com/wp-json/csp-violation-reporter/v1/report

For the modern Reporting API, use an HTTPS endpoint:

Reporting-Endpoints: csp-endpoint="https://example.com/wp-json/csp-violation-reporter/v1/report" Content-Security-Policy: default-src 'self'; report-to csp-endpoint

Privacy

This plugin stores CSP violation reports submitted by browsers. Stored fields can include the document URL, referrer URL, blocked URI, violated directive, source file, line and column numbers, a user agent string, a salted hash of the remote address, and the raw report payload.

The plugin does not store raw IP addresses and does not transmit report data to external services.

Gratuitsur les plans payants
Commencer
En procédant à l’installation, vous acceptez les Conditions d’utilisation de WordPress.com ainsi que les Conditions de l’extension tierce.
Testé jusqu’à version
WordPress 7.0
Cette extension est disponible en téléchargement pour votre site .
Télécharger