Security Hub

Bring your software development workflows to security

csp

Content Security Policy

Signals & Triggers

On CSP violation
On a peak of violations

Actions

  • POST to webhook
  • Set the HTTP header

Details

A Content Security Policy (CSP) is based on a powerful HTTP header that restricts which external assets, such as scripts, styles or media, the browser is allowed to load. Enforcing a CSP can protect your app from Cross Site Scripting (XSS), clickjacking and other code injection attacks.

The CSP lists all the authorized domains and resources your app is allowed to use (web workers, images, fonts, media, scripts, frames, stylesheets). Thus, if a user loads a page where an attacker has injected a malicious resource, the browser will load your page but prevent the attacker's resource from loading.

A CSP is a very powerful protection but can be hard to manage at scale. Sqreen helps you craft and deploy a strong CSP by listing and filtering all the domains seen in your traffic, and helps you maintain it by notifying you when new domains try to load resources.

Advanced details

This plugin monitors CSP violations by receiving the browser's violation reports (a Sqreen URL is set as the report-uri).

For each report, it looks at the blocked domain and matches it against internal blacklists to exclude non-legitimate domains.

Based on the whitelisted domains and their category (script, connection source, media, etc.), it generates the full CSP to apply in your application. If you enable Sqreen to manage your Content Security Policy, Sqreen will automatically set the HTTP header in the responses. You can then decide whether to enable the policy in reporting or blocking mode.
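The report-handling flow described above, as an added Python illustration that is not Sqreen's own code: it parses violation reports in the report-uri JSON body format, drops blocked origins whose host is on a denylist, groups the remaining origins by effective directive and renders the policy for either the report-only or the blocking header. The sample reports, the denylist and the /csp-report path are constructed assumptions.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample reports in the report-uri JSON body format (not real traffic).
SAMPLE_REPORTS = [
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "https://cdn.example.net/lib.js"}}',
    '{"csp-report": {"effective-directive": "img-src", "blocked-uri": "https://images.example.net/a.png"}}',
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "https://evil.example.org/x.js"}}',
    '{"csp-report": {"effective-directive": "script-src", "blocked-uri": "inline"}}',
    # Older browsers send only violated-directive, which may carry the directive's full value.
    '{"csp-report": {"violated-directive": "style-src \'self\'", "blocked-uri": "https://fonts.example.com/css?x=1"}}',
]
DENYLIST = {"evil.example.org"}  # constructed stand-in for an internal blacklist


def origin_of(blocked_uri):
    """Return scheme://host[:port] for a network URL; None for 'inline', 'eval', 'data', etc."""
    parts = urlsplit(blocked_uri or "")
    if parts.scheme in ("http", "https", "ws", "wss") and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return None


def aggregate(reports, denylist):
    """Group blocked origins by directive, separating denylisted hosts from candidates."""
    allowed, excluded = defaultdict(set), defaultdict(set)
    for raw in reports:
        body = json.loads(raw).get("csp-report", {})
        directive = body.get("effective-directive") or (body.get("violated-directive") or "").split(" ")[0]
        origin = origin_of(body.get("blocked-uri"))
        if not directive or not origin:
            continue  # 'inline'/'eval' violations call for a code fix, not a new source entry
        bucket = excluded if urlsplit(origin).hostname in denylist else allowed
        bucket[directive].add(origin)
    return allowed, excluded


def build_policy(allowed, report_uri="/csp-report"):
    """Render the policy: 'self' everywhere plus the observed origins per directive."""
    parts = ["default-src 'self'"]
    for directive in sorted(allowed):
        parts.append(f"{directive} 'self' " + " ".join(sorted(allowed[directive])))
    parts.append(f"report-uri {report_uri}")
    return "; ".join(parts)


def csp_header(policy, blocking):
    """Report-only mode only reports violations; blocking mode enforces the policy."""
    name = "Content-Security-Policy" if blocking else "Content-Security-Policy-Report-Only"
    return name, policy
```

Roll out with `blocking=False` first and review what `excluded` collects before switching to the enforcing header.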

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

CSP violations

On attack

  • IP causing violations

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

Node.js

$ npm install --save sqreen
$ echo '{ "token": "your token" }' > sqreen.json

// This should be the first line of your app
require('sqreen');

Ruby

$ echo "gem 'sqreen'" >> Gemfile
$ bundle install
$ echo "token: your token" >> config/sqreen.yml

PHP

$ curl -s https://8dc0b36f0ea6f2f21b721765e10a7e02768cd1825b4551f4:@packagecloud.io/install/repositories/sqreen/sqreen/script.deb.sh | bash
$ apt-get install --no-install-recommends sqreen-agent sqreen-php-extension
$ /usr/lib/sqreen/sqreen-installer config {your token}

Python

$ pip install sqreen
$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini

# Insert at the top of your app file (typically wsgi.py or app.py)
import sqreen
sqreen.start()

Java

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen-latest-all.jar

// Next, edit the JVM startup file:
-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required