System - Content Security Policy

This extension is discontinued as the functionality has been added to the Joomla core.

The System - Content Security Policy plugin(s) bring this much-needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data, the AJAX plugin offers a handy report browser. I really tried to give this plugin every feature I would want, and it's running on this site now!

With very little effort, and in very little time - you can pass the securityheaders.io test with an easy "A".

Features

  • Implements all classes of the Content Security Policy standard:
      • Fetch directives
      • Document directives
      • Navigation directives
      • Reporting directives
      • "Other" directives
  • Injects your settings in a Content-Security-Policy HTTP header
  • (optionally) Adds a <meta> tag with your CSP settings
  • Implements report-uri and report-to
  • Provides a listener for report-uri and report-to incoming data
  • Includes a CLI script to be used in a CRON job for nightly reporting to a selected administrator or administrators
  • Includes a report browser, for immediate review of stored reports
  • Sets X-Content-Type-Options
  • Sets X-Frame-Options
  • Sets X-XSS-Protection
  • Sets Referrer-Policy
  • Sets Expect-CT
  • Sets Strict-Transport-Security
  • Sets Feature-Policy

Download the Plugin

  System - Content Security Policy 1.4.4154

Why is this software free?

I’m ditching the freemium game and giving this software to the Joomla crowd for free. It’s a nod to “Jumla”—Swahili for “all together”—because fragmentation sucks, and I’d rather focus on innovation and paid gigs. Use it, build with it, and if you need custom work, I’m super into that.

Will You Make X for WordPress?

No. WordPress accounted for over 96% of the websites infected with malware in 2022, and 99.4% of all security vulnerabilities were found in themes and plugins in 2021. I have personally witnessed a WordPress site hack destroy a company. I won't touch that CMS with a 10-foot pole.