PHPackages ctidigital/magento2-csp-whitelist - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. ctidigital/magento2-csp-whitelist ActiveMagento2-module[Security](/categories/security) ctidigital/magento2-csp-whitelist ================================= Control CSP via the admin area 1.0.1(5y ago)21200.4k—1.2%4[2 issues](https://github.com/ctidigital/magento2-csp-whitelist/issues)MITPHP Since Feb 9Pushed 5y ago9 watchersCompare [ Source](https://github.com/ctidigital/magento2-csp-whitelist)[ Packagist](https://packagist.org/packages/ctidigital/magento2-csp-whitelist)[ RSS](/packages/ctidigital-magento2-csp-whitelist/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (2)DependenciesVersions (3)Used By (0) Magento 2 CSP Whitelist ======================= [](#magento-2-csp-whitelist) A Magento 2 module created by [CTI Digital](https://www.ctidigital.com/) to create and maintain Content Security Policies via the admin panel. Installation ------------ [](#installation) - `composer require ctidigital/magento2-csp-whitelist` - `php bin/magento module:enable CtiDigital_CspWhitelist` - `php bin/magento setup:upgrade` Usage ----- [](#usage) Identify the resource blocked by the Content Security Policy: ``` Refused to load https://www.google-analytics.com/analytics.js because it does not appear in the script-src directive of the Content Security Policy. ``` 1. Take note of the resource `google-analytics.com` or `*.google-analytics.com`. 2. Check which policy it violates `script-src`. 3. Navigate to admin panel `Stores->Configuration->Cti->CSP Whitelist` 4. Ensure the module is enabled. Add a new row, select a resource and add the value. 5. Save and flush the relevant caches. Policies -------- [](#policies) ``` POLICY NAME DESCRIPTION default-src The default policy. base-uri Defines which URLs can appear in a page’s element. child-src Defines the sources for workers and embedded frame contents. connect-src Defines the sources that can be loaded using script interfaces. font-src Defines which sources can serve fonts. form-action Defines valid endpoints for submission from tags. frame-ancestors Defines the sources that can embed the current page. frame-src Defines the sources for elements such as and . img-src Defines the sources from which images can be loaded. manifest-src Defines the allowable contents of web app manifests. media-src Defines the sources from which images can be loaded. object-src Defines the sources for the , , and elements. script-src Defines the sources for JavaScript elements. style-src Defines the sources for stylesheets. ``` ### Health Score 36 — LowBetter than 82% of packages Maintenance18 Infrequent updates — may be unmaintained Popularity44 Moderate usage in the ecosystem Community12 Small or concentrated contributor base Maturity54 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 2 Last Release 1924d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/7bbaa8fb5cb30635b640ff6cea6bc750d0ffa044a24af28d4be67a8c97699450?d=identicon)[paulpartington-cti](/maintainers/paulpartington-cti) --- Top Contributors [![paulpartington-cti](https://avatars.githubusercontent.com/u/6105453?v=4)](https://github.com/paulpartington-cti "paulpartington-cti (1 commits)") ### Embed Badge ![Health badge](/badges/ctidigital-magento2-csp-whitelist/health.svg) ``` [![Health](https://phpackages.com/badges/ctidigital-magento2-csp-whitelist/health.svg)](https://phpackages.com/packages/ctidigital-magento2-csp-whitelist) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41478.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 87117.5M63](/packages/bjeavons-zxcvbn-php)[illuminate/encryption The Illuminate Encryption package. 9229.7M280](/packages/illuminate-encryption)[paragonie/hidden-string Encapsulate strings in an object to hide them from stack traces 7410.6M39](/packages/paragonie-hidden-string) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)