{"id":317984,"date":"2026-05-28T01:34:19","date_gmt":"2026-05-28T01:34:19","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/csp-violation-reporter\/"},"modified":"2026-05-28T01:33:51","modified_gmt":"2026-05-28T01:33:51","slug":"csp-violation-reporter","status":"publish","type":"plugin","link":"https:\/\/frp.wordpress.org\/plugins\/csp-violation-reporter\/","author":23504584,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"0.1.1","stable_tag":"0.1.1","tested":"7.0","requires":"6.5","requires_php":"7.4","requires_plugins":null,"header_name":"CSP Violation Reporter","header_author":"Guilherme Dumas Peres","header_description":"Collects Content Security Policy violation reports through a WordPress REST endpoint and displays them in the admin dashboard.","assets_banners_color":"","last_updated":"2026-05-28 01:33:51","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":0,"downloads":27,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"0.1.1":{"tag":"0.1.1","author":"guidumasperes","date":"2026-05-28 01:33:51"}},"upgrade_notice":[],"ratings":[],"assets_icons":[],"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["0.1.1"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[68184,19966,3652,3654,600],"plugin_category":[54],"plugin_contributors":[264720],"plugin_business_model":[],"class_list":["post-317984","plugin","type-plugin","status-publish","hentry","plugin_tags-content-security-policy","plugin_tags-csp","plugin_tags-reporting","plugin_tags-reports","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-guidumasperes","plugin_committers-guidumasperes"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/csp-violation-reporter.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"<!--section=description-->\n<p>CSP Violation Reporter adds a public WordPress REST endpoint for browser Content Security Policy violation reports and stores received violations in a local database table.<\/p>\n\n<p>Reports can be reviewed from Tools &gt; CSP Violations. The plugin supports the modern Reporting API payload format as well as the older <code>csp-report<\/code> JSON shape.<\/p>\n\n<p>Endpoint:<\/p>\n\n<pre><code>\/wp-json\/csp-violation-reporter\/v1\/report\n<\/code><\/pre>\n\n<p>The plugin does not create or modify Content Security Policy headers. Site owners should configure CSP headers in their web server, hosting dashboard, theme, or security tooling.<\/p>\n\n<p>Example report endpoint configuration:<\/p>\n\n<pre><code>Content-Security-Policy: default-src 'self'; report-uri https:\/\/example.com\/wp-json\/csp-violation-reporter\/v1\/report\n<\/code><\/pre>\n\n<p>For the modern Reporting API, use an HTTPS endpoint:<\/p>\n\n<pre><code>Reporting-Endpoints: csp-endpoint=\"https:\/\/example.com\/wp-json\/csp-violation-reporter\/v1\/report\"\n\nContent-Security-Policy: default-src 'self'; report-to csp-endpoint\n<\/code><\/pre>\n\n<h3>Privacy<\/h3>\n\n<p>This plugin stores CSP violation reports submitted by browsers. Stored fields can include the document URL, referrer URL, blocked URI, violated directive, source file, line and column numbers, a user agent string, a salted hash of the remote address, and the raw report payload.<\/p>\n\n<p>The plugin does not store raw IP addresses and does not transmit report data to external services.<\/p>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate the plugin through the Plugins screen in WordPress.<\/li>\n<li>Open Tools &gt; CSP Violations to copy the reporting endpoint.<\/li>\n<li>Configure your CSP Reporting API group and reference it from your <code>report-to<\/code> directive.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20plugin%20set%20my%20csp%20header%3F\"><h3>Does this plugin set my CSP header?<\/h3><\/dt>\n<dd><p>No. This plugin receives and displays CSP violation reports. CSP header generation is intentionally left to your theme, server, security plugin, or hosting environment.<\/p><\/dd>\n<dt id=\"is%20the%20report%20endpoint%20public%3F\"><h3>Is the report endpoint public?<\/h3><\/dt>\n<dd><p>Yes. Browser violation reports are sent without WordPress authentication. Admin views remain protected by the <code>manage_options<\/code> capability.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20store%20visitor%20ip%20addresses%3F\"><h3>Does the plugin store visitor IP addresses?<\/h3><\/dt>\n<dd><p>No. The plugin stores a salted hash of the remote address to help with deduplication and abuse analysis without retaining the raw IP address.<\/p><\/dd>\n<dt id=\"does%20the%20plugin%20send%20data%20to%20third%20parties%3F\"><h3>Does the plugin send data to third parties?<\/h3><\/dt>\n<dd><p>No. Reports are stored in the site's own WordPress database.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>0.1.1<\/h4>\n\n<ul>\n<li>Prepared SQL statements that include the plugin's custom table name.<\/li>\n<\/ul>\n\n<h4>0.1.0<\/h4>\n\n<ul>\n<li>Initial development release.<\/li>\n<\/ul>","raw_excerpt":"Collect Content Security Policy violation reports through a WordPress REST endpoint and review them in the admin dashboard.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/317984","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=317984"}],"author":[{"embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/guidumasperes"}],"wp:attachment":[{"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=317984"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=317984"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=317984"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=317984"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=317984"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/frp.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=317984"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}