Bring your software development workflows to security
A Content Security Policy (CSP) is based on a powerful HTTP header that restricts which external assets, such as scripts, styles or media, the browser is allowed to load. Enforcing a CSP can protect your app from Cross-Site Scripting (XSS), clickjacking and other code injection attacks.
Monitoring for an unusual volume of policy violations lets you detect XSS attack attempts or a policy misconfiguration early.
This plugin monitors CSP violation reports collected via the Sqreen custom report-uri. For more information about the CSP setup, please visit the Content Security Policy plugin.
Whenever we detect at least 5 CSP violations coming from different IPs in less than 30 minutes, the plugin triggers.
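The triggering rule above can be sketched as a sliding-window check over collected reports. This is an added example, not Sqreen's implementation: it assumes "different IPs" means five distinct source addresses, and the function names and sample reports are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # "in less than 30 minutes"
THRESHOLD = 5                   # assumed to mean 5 distinct source IPs


def detect_bursts(reports, window=WINDOW, threshold=THRESHOLD):
    """Return the timestamps at which the rule fires.

    reports: (timestamp, source_ip, violated_directive) tuples sorted by time.
    The IP is the address the collector saw for the report POST; the CSP
    report body itself does not carry it.
    """
    recent = deque()  # (timestamp, ip) pairs still inside the window
    per_ip = {}       # ip -> count of its reports inside the window
    alerts = []
    for ts, ip, _directive in reports:
        # Drop reports that are 30 minutes old or older.
        while recent and ts - recent[0][0] >= window:
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        recent.append((ts, ip))
        per_ip[ip] = per_ip.get(ip, 0) + 1
        if len(per_ip) >= threshold:
            alerts.append(ts)
            recent.clear()  # re-arm so one burst raises one alert
            per_ip.clear()
    return alerts


def at(minute):
    """Constructed timestamp helper: minutes after an arbitrary start."""
    return datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute)


# Constructed sample reports (documentation-range IPs).
SAMPLE = [
    (at(0), "192.0.2.10", "script-src"),
    (at(2), "192.0.2.10", "script-src"),   # repeat from the same IP
    (at(5), "198.51.100.7", "script-src"),
    (at(10), "203.0.113.4", "img-src"),
    (at(20), "192.0.2.55", "script-src"),
    (at(29), "198.51.100.99", "script-src"),  # fifth distinct IP
]

if __name__ == "__main__":
    print(detect_bursts(SAMPLE))
```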