PHPackages magex/content-security-policy - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. magex/content-security-policy ActiveMagento2-module[Security](/categories/security) magex/content-security-policy ============================= Allows to add CSP domains on the Admin 1.0.0(5y ago)01.4kOSL-3.0PHP Since Apr 25Pushed 4y ago1 watchersCompare [ Source](https://github.com/magexdigital/content-security-policy)[ Packagist](https://packagist.org/packages/magex/content-security-policy)[ RSS](/packages/magex-content-security-policy/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (3)Versions (2)Used By (0) Mage2 Module MagEx Content Security Policy ========================================== [](#mage2-module-magex-content-security-policy) ``` magex/content-security-policy ``` As of version 2.3.5, Magento supports CSP headers and provides ways to configure them. (This functionality is defined in the Magento\_Csp module.) Magento also provides default configurations at the application level and for individual core modules that require extra configuration. Policies can be configured for adminhtml and storefront areas separately to accommodate different use cases. Magento also permits configuring unique CSPs for specific pages. - [Main Functionalities](#markdown-header-main-functionalities) - [Installation](#markdown-header-installation) - [Configuration](#markdown-header-configuration) - [Specifications](#markdown-header-specifications) - [Attributes](#markdown-header-attributes) Main Functionalities -------------------- [](#main-functionalities) - This module allows Admin to add external sources to CSP header from Store configuration Installation ------------ [](#installation) \* = in production please use the `--keep-generated` option ### Type 1: Zip file [](#type-1-zip-file) - Unzip the zip file in `app/code/MagEx` - Enable the module by running `php bin/magento module:enable MagEx_ContentSecurityPolicy` - Apply database updates by running `php bin/magento setup:upgrade`\* - Flush the cache by running `php bin/magento cache:flush` ### Type 2: Composer [](#type-2-composer) - Make the module available in a composer repository for example: - public repository `packagist.org` - public github repository as vcs - Install the module composer by running `composer require magex/content-security-policy` - enable the module by running `php bin/magento module:enable MagEx_ContentSecurityPolicy` - apply database updates by running `php bin/magento setup:upgrade`\* - Flush the cache by running `php bin/magento cache:flush` Configuration ------------- [](#configuration) - global `Global policy.` - default-src `The default policy.` - base-uri `Defines which URLs can appear in a page’s element.` - child-src `Defines the sources for workers and embedded frame contents.` - connect-src `Defines the sources that can be loaded using script interfaces.` - font-src `Defines which sources can serve fonts.` - form-action `Defines valid endpoints for submission from tags.` - frame-ancestors `Defines the sources that can embed the current page.` - frame-src `Defines the sources for elements such as and .` - img-src `Defines the sources from which images can be loaded.` - manifest-src `Defines the allowable contents of web app manifests.` - media-src `Defines the sources from which images can be loaded.` - object-src `Defines the sources for the , , and elements.` - script-src `Defines the sources for JavaScript elements.` - style-src `Defines the sources for stylesheets.` Specifications -------------- [](#specifications) - Config reader - MagEx\\ContentSecurityPolicy\\Collector\\Config\\ScopeConfigPolicyReader ### Health Score 27 — LowBetter than 49% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity18 Limited adoption so far Community4 Small or concentrated contributor base Maturity52 Maturing project, gaining track record How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 1849d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/11054adddc4265e7febc5ef0664cde581a82d44064a9967f3c0d24fb729d5726?d=identicon)[magexdigital](/maintainers/magexdigital) --- Tags content-security-policycspmagento2magento2-extensionmagento2-module ### Embed Badge ![Health badge](/badges/magex-content-security-policy/health.svg) ``` [![Health](https://phpackages.com/badges/magex-content-security-policy/health.svg)](https://phpackages.com/packages/magex-content-security-policy) ``` ### Alternatives [adyen/module-payment Official Magento2 Plugin to connect to Payment Service Provider Adyen. 1663.0M10](/packages/adyen-module-payment)[veriteworks/cookiefix Magento2 extension for Cookie SameSite attribute. 65455.3k1](/packages/veriteworks-cookiefix)[basecom/magento2-csp-split-header Magento 2 module to split oversized CSP headers into multiple headers. 5256.6k](/packages/basecom-magento2-csp-split-header)[imi/magento2-friendly-captcha Friendly Captcha integration for Magento2 18116.2k](/packages/imi-magento2-friendly-captcha)[pixelopen/magento-cloudflare-turnstile Protect your store from spam messages and spam user accounts with Cloudflare Turnstile 5325.4k1](/packages/pixelopen-magento-cloudflare-turnstile)[yireo/magento2-csp-whitelist-inline-js Magento module to automatically add inline JS script to CSP whitelist 2974.7k](/packages/yireo-magento2-csp-whitelist-inline-js) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)