PHPackages jfd/craft-csp-report - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. jfd/craft-csp-report ActiveCraft-plugin[Security](/categories/security) jfd/craft-csp-report ==================== Sets a Content-Security-Policy-Report-Only header, creates an action to receive CSP violation reports, and logs them to a file. 1.0.5(3mo ago)0380↑133.3%PHPPHP >=8.2 Since Feb 27Pushed 3mo agoCompare [ Source](https://github.com/jamesforddesign/craft-csp-report)[ Packagist](https://packagist.org/packages/jfd/craft-csp-report)[ RSS](/packages/jfd-craft-csp-report/feed)WikiDiscussions master Synced 3w ago READMEChangelogDependencies (1)Versions (7)Used By (0) CSP Report ========== [](#csp-report) Sets a Content-Security-Policy-Report-Only header, creates an action to receive CSP violation reports, and logs them to a file. Requirements ------------ [](#requirements) This plugin requires Craft CMS 5.9.0 or later, and PHP 8.3 or later. How to install -------------- [](#how-to-install) 1. Install the composer package: ``` composer require jfd/craft-csp-report ``` 2. Install the plugin: ``` php craft plugin/install _csp-report ``` How to use ---------- [](#how-to-use) Once installed, the plugin will add a `Content-Security-Policy-Report-Only` header to all pages. Violations will be reported to `/actions/_csp-report/report/log`, which will log the violation to `storage/csp-report/csp-report.json`. The contents of this file can be viewed at `/actions/_csp-report/report/get`. ### Whitelisting sources [](#whitelisting-sources) To whitelist known-good sources: 1. Using the [config.php](https://github.com/jamesforddesign/craft-csp-report/blob/master/src/config.php) file in the plugin directory as an example, create config/\_csp-report.php in your Craft project. 2. Add the sources you wish to whitelist using the following format: ``` return [ 'allowedSources' => [ 'script-src' => ["https://cdn.example.com", "'unsafe-inline'"], 'style-src' => ["https://fonts.googleapis.com", "'unsafe-inline'"], 'img-src' => ["https://images.example.com", "data:"], 'font-src' => ["https://fonts.gstatic.com"], 'connect-src' => ["https://api.example.com"], ], ]; ``` Once done, the whitelisted sources will no longer be reported as violations. How to update this package -------------------------- [](#how-to-update-this-package) After making your changes, tag the release: ``` git tag 1.0.1 # increment the release version as required git push --tags ``` ### Health Score 41 — FairBetter than 87% of packages Maintenance79 Regular maintenance activity Popularity17 Limited adoption so far Community6 Small or concentrated contributor base Maturity51 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~0 days Total 6 Last Release 113d ago PHP version history (2 changes)1.0.0PHP >=8.3 1.0.3PHP >=8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/fdf31a2f9dc3b4e0f502a7213bd4d0426ced3aa51f4b330cbc2741ece000c77e?d=identicon)[jfd](/maintainers/jfd) --- Top Contributors [![petehjfd](https://avatars.githubusercontent.com/u/29060670?v=4)](https://github.com/petehjfd "petehjfd (13 commits)") ### Embed Badge ![Health badge](/badges/jfd-craft-csp-report/health.svg) ``` [![Health](https://phpackages.com/badges/jfd-craft-csp-report/health.svg)](https://phpackages.com/packages/jfd-craft-csp-report) ``` ### Alternatives [spicyweb/craft-neo A Matrix-like field type with block hierarchy 393808.8k10](/packages/spicyweb-craft-neo)[craftcms/feed-me Import content from XML, RSS, CSV or JSON feeds into entries, categories, Craft Commerce products, and more. 293943.4k27](/packages/craftcms-feed-me)[verbb/formie The most user-friendly forms plugin for Craft. 100387.6k57](/packages/verbb-formie)[solspace/craft-freeform The most flexible and user-friendly form building plugin! 53675.5k15](/packages/solspace-craft-freeform)[craftpulse/craft-password-policy Password Policy plugin 2829.0k2](/packages/craftpulse-craft-password-policy)[verbb/vizy A flexible visual editor field for Craft. 4249.7k](/packages/verbb-vizy) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)