Security Hub


Suspicious rise of CSP violations

Signals & Triggers

On CSP violation
If peak of violations

Actions

  • Send a Slack notification
  • Send an email notification
  • POST to webhook

Details

A Content Security Policy (CSP) is based on a powerful HTTP header that restricts which external assets, such as scripts, styles or media, the browser is allowed to load. Enforcing a CSP can protect your app from Cross-Site Scripting (XSS), clickjacking and other code injection attacks.

Monitoring for an unusual volume of policy violations lets you spot XSS attack attempts, or a policy misconfiguration, early.

Advanced details

This plugin monitors CSP violation reports collected via Sqreen's custom report-uri. For more information about the CSP setup, please visit the Content Security Policy plugin.

Whenever we detect at least 5 CSP violations coming from different IPs in less than 30 minutes, the plugin triggers.
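
The trigger rule above, sketched as a sliding-window check over collected reports (an added example, not Sqreen's code). It assumes "different IPs" means at least 5 distinct reporting IPs; the function names, the `(timestamp, ip)` report shape and the sample data are constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # "in less than 30 minutes"
THRESHOLD = 5                   # "at least 5 ... from different IPs"

def detect_peaks(reports, window=WINDOW, threshold=THRESHOLD):
    """reports: (timestamp, client_ip) pairs sorted by timestamp.
    Returns one (trigger_time, distinct_ips) alert per peak.
    Assumption: the rule counts distinct reporting IPs."""
    recent = deque()  # reports still inside the sliding window
    per_ip = {}       # ip -> number of its reports inside the window
    alerts, alerting = [], False
    for ts, ip in reports:
        recent.append((ts, ip))
        per_ip[ip] = per_ip.get(ip, 0) + 1
        # Evict reports that are 30 minutes old or more.
        while ts - recent[0][0] >= window:
            _, old_ip = recent.popleft()
            per_ip[old_ip] -= 1
            if per_ip[old_ip] == 0:
                del per_ip[old_ip]
        over = len(per_ip) >= threshold
        if over and not alerting:  # fire once per peak, not per report
            alerts.append((ts, sorted(per_ip)))
        alerting = over
    return alerts

def at_minute(minute):
    """Constructed timestamp: minutes after an arbitrary start time."""
    return datetime(2024, 1, 1, 12, 0) + timedelta(minutes=minute)

# Constructed sample reports using documentation-range IPs (not real data).
NOISY = [(at_minute(m), "203.0.113.1") for m in range(6)]  # one IP, 6 reports
SLOW = [(at_minute(40 + 10 * i), f"198.51.100.{i + 1}")
        for i in range(5)]                                 # 5 IPs, too spread out
BURST = [(at_minute(120 + 2 * i), f"192.0.2.{i + 1}")
         for i in range(5)]                                # 5 IPs in 8 minutes
SAMPLE = NOISY + SLOW + BURST + [(at_minute(129), "192.0.2.1")]

if __name__ == "__main__":
    for when, ips in detect_peaks(SAMPLE):
        print(f"{when:%H:%M} peak: {len(ips)} distinct IPs -> {ips}")
```

A single browser repeatedly tripping the policy (often a misconfiguration or an extension) does not fire the rule, and neither do five IPs spread over more than 30 minutes; only the burst does.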

Language support

  • Ruby
  • Python
  • Node.js
  • PHP
  • Java

Data collected by Sqreen

CSP violations


On attack
  • IP causing violations
