This extension is discontinued as the functionality has been added to the Joomla core.
The System - Content Security Policy plugin(s) bring this much-needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data - the AJAX plugin offers a handy report browser. I really tried to give this plugin every feature I would want, and it's running on this site now!
Note:
This extension is no longer maintained. Its functionality has been integrated into the Joomla core, rendering it obsolete. It remains here as an example of my work.
With very little effort, and in very little time - you can pass the securityheaders.io test with an easy "A".
Features
- Implements all classes of the Content Security Policy standard
  - Fetch directives
  - Document directives
  - Navigation directives
  - Reporting directives
  - "Other" directives
- Injects your settings in a Content-Security-Policy HTTP header
- (optionally) Adds a <meta> tag with your CSP settings
- Implements report-uri and report-to
- Provides a listener for report-uri and report-to incoming data
- Includes a CLI script to be used in a CRON job for nightly reporting to a selected administrator or administrators
- Includes a report browser, for immediate review of stored reports
- Sets X-Content-Type-Options
- Sets X-Frame-Options
- Sets X-XSS-Protection
- Sets Referrer-Policy
- Sets Expect-CT
- Sets Strict-Transport-Security
- Sets Feature-Policy
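The report-uri and report-to features listed above deliver violation reports in two different JSON shapes. The following is an added example, not the plugin's own code, showing how a listener can normalize both into one bounded record before storing it; the function names, size caps and sample values are assumptions.

```python
import json

MAX_BODY = 16 * 1024   # assumed cap: the endpoint is unauthenticated, reports are small
MAX_FIELD = 512        # assumed cap on any stored string

def _clean(value):
    """Bounded, single-line string; every report field is sender-controlled."""
    text = "" if value is None else str(value)
    return "".join(ch for ch in text if ch.isprintable())[:MAX_FIELD]

def _row(document, blocked, directive, disposition):
    # Older browsers send "script-src 'self'" as the directive; keep the name only.
    return {"document": _clean(document), "blocked": _clean(blocked),
            "directive": _clean(directive).split(" ")[0],
            "disposition": _clean(disposition) or "enforce"}

def normalize_reports(content_type, raw_body):
    """Return uniform rows from a report-uri or report-to POST body."""
    if len(raw_body) > MAX_BODY:
        return []
    try:
        data = json.loads(raw_body)
    except (ValueError, RecursionError):
        return []
    media_type = content_type.split(";")[0].strip().lower()
    rows = []
    if media_type == "application/csp-report" and isinstance(data, dict):
        r = data.get("csp-report")            # report-uri: one wrapped object
        if isinstance(r, dict):
            rows.append(_row(r.get("document-uri"), r.get("blocked-uri"),
                             r.get("effective-directive") or r.get("violated-directive"),
                             r.get("disposition")))
    elif media_type == "application/reports+json" and isinstance(data, list):
        for item in data:                     # report-to: a batch of typed reports
            if not isinstance(item, dict) or item.get("type") != "csp-violation":
                continue                      # other report types share this endpoint
            b = item.get("body")
            if isinstance(b, dict):
                rows.append(_row(b.get("documentURL") or item.get("url"), b.get("blockedURL"),
                                 b.get("effectiveDirective"), b.get("disposition")))
    return rows

# Constructed sample bodies; all hosts are placeholders.
LEGACY = json.dumps({"csp-report": {"document-uri": "https://example.org/",
    "violated-directive": "script-src 'self'", "blocked-uri": "https://cdn.example.net/a.js"}}).encode()
MODERN = json.dumps([
    {"type": "deprecation", "url": "https://example.org/", "body": {"id": "x"}},
    {"type": "csp-violation", "url": "https://example.org/p", "body": {"documentURL": "https://example.org/p",
     "blockedURL": "https://img.example.net/t.gif", "effectiveDirective": "img-src", "disposition": "report"}},
]).encode()
```

The rows are only length-bounded and stripped of control characters; a report browser that displays them still has to escape them on output.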
Download the Plugin
System - Content Security Policy 1.4.4158