Content Security Policy (CSP) is a web security feature that helps detect and mitigate various types of attacks, such as cross-site scripting (XSS) and data injection. These attacks are used to steal data, deface websites and distribute malware.
But using CSP is not easy. Policies are hard to write, hard to test, and hard to monitor. We want to change that.
CSPWatch uses the CSP reporting mechanism to monitor your websites in real time. It collects and aggregates reports, then alerts you about violations.
You can now check in real time which elements on your website are being blocked, and adapt your rules to allow legitimate actions while being aware of potential risks.
CSPWatch groups similar reports: once you have marked a group as handled, you will only be notified about new, different reports.
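One way to implement the grouping described above, as an added example that is not CSPWatch's own code: each legacy `report-uri` JSON body is reduced to a key of document origin, directive name and blocked origin, and groups already marked as handled are hidden. The choice of key, the function names and the sample reports are assumptions made for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

def _origin(uri):
    """Reduce a URI to scheme://host[:port]; keywords such as 'inline' or 'eval' pass through."""
    parts = urlsplit(uri)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return uri or "(empty)"

def group_key(raw_body):
    """Return the grouping key (assumed scheme) for one report body, or None if malformed."""
    try:
        report = json.loads(raw_body)["csp-report"]
        directive = report.get("effective-directive") or report["violated-directive"]
        # violated-directive may carry the whole directive text; keep only its name
        directive = directive.split()[0]
        return (_origin(report["document-uri"]), directive,
                _origin(report.get("blocked-uri", "")))
    except (ValueError, KeyError, TypeError, IndexError, AttributeError):
        return None  # reports are attacker-reachable input: drop anything unexpected

def triage(raw_bodies, handled):
    """Count reports per group and return only the groups not yet marked as handled."""
    counts = Counter()
    for body in raw_bodies:
        key = group_key(body)
        if key is not None:
            counts[key] += 1
    return {key: n for key, n in counts.items() if key not in handled}

# Constructed sample reports (not real traffic); the last body is deliberately malformed.
SAMPLE_REPORTS = [json.dumps({"csp-report": r}) for r in (
    {"document-uri": "https://shop.example/cart?id=1",
     "effective-directive": "script-src",
     "blocked-uri": "https://cdn.example.net/a.js"},
    {"document-uri": "https://shop.example/cart?id=2",
     "violated-directive": "script-src 'self'",
     "blocked-uri": "https://cdn.example.net/b.js"},
    {"document-uri": "https://shop.example/",
     "effective-directive": "img-src",
     "blocked-uri": "https://tracker.example.org/p.gif"},
)] + ["not json"]

if __name__ == "__main__":
    for key, n in triage(SAMPLE_REPORTS, handled=set()).items():
        print(n, key)
```

Grouping by origin rather than full URL keeps per-page query strings and file names from splitting one underlying violation into many groups.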
Policies are complex to write, and mistakes can lead to unexpected security issues. Use our editor to create and update your policies and avoid many errors.
Use the policy analyzer in the editor or with the scanner to detect common mistakes.