SSL Labs ScoreHSTS Preloaded

The System - Content Security Policy plugin(s) bring this much needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data - the AJAX plugin offers a handy report browser. I really tried to give this plugin every feature I would want, and it's running on this site now!

With very little effort, and in very little time - you can pass the test with an easy "A".


  • Implements all classes of the Content Security Policy standard
  • Fetch directives
  • Document directives
  • Navigation directives
  • Reporting directives
  • "Other" directives
  • Injects your settings in a Content-Security-Policy HTTP header
  • (optionally) Adds a tag with your CSP settings
  • Implements report-uri and report-to
  • Provides a listener for report-uri and report-to incoming data
  • Includes a CLI script to be used in a CRON job for nightly reporting to a selected administrator or administrators
  • Includes a report browser, for immediate review of stored reports
  • Sets X-Content-Type-Options
  • Sets X-Frame-Options
  • Sets X-XSS-Protection
  • Sets Referrer-Policy
  • Sets Expect-CT
  • Sets Strict-Transport-Security
  • Sets Feature-Policy


Ready to buy?

$12 Annual

Demo Links

Documentation and Help

System - Content Security Policy in the wild