SSL Labs ScoreSecurityHeaders.io Score

The System - Content Security Policy plugin(s) bring this much needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data - the AJAX plugin offers a handy report browser. I really tried to give this plugin every feature I would want, and it's running on this site now!

With very little effort, and in very little time - you can pass the securityheaders.io test with an easy "A".

Features

  • Implements all classes of the Content Security Policy standard
  • Fetch directives
  • Document directives
  • Navigation directives
  • Reporting directives
  • "Other" directives
  • Injects your settings in a Content-Security-Policy HTTP header
  • (optionally) Adds a tag with your CSP settings
  • Implements report-uri and report-to
  • Provides a listener for report-uri and report-to incoming data
  • Includes a CLI script to be used in a CRON job for nightly reporting to a selected administrator or administrators
  • Includes a report browser, for immediate review of stored reports
  • Sets X-Content-Type-Options
  • Sets X-Frame-Options
  • Sets X-XSS-Protection
  • Sets Referrer-Policy
  • Sets Expect-CT
  • Sets Strict-Transport-Security
  • Sets Feature-Policy

Videos

Ready to buy?

$12 Annual

Demo Links

Documentation and Help

System - Content Security Policy in the wild

Discuss this article in the forums (1 replies).

Paid Extension FAQ

What am I buying?
  • The extension
  • One year of updates
  • Support
Do you still support free versions?
Only bugfixes
Can I install the extension on multiple sites?
Go for it
Can I give a copy to my friend?
While this is ethically wrong, there is no easy way for me to stop it. However, if your friend wants support he should call you - because I won't talk to him unless he purchases the extension.
What happens to the extension at the end of the year?
Nothing. It remains installed and configured, it just stops receiving updates and support is suspended.
What if I give you an idea that you turn into a paid extension?
You'll be given a lifetime subscription for that extension.
What if I contract you to make a custom extension for me?
There are two options, and I may or may not offer both.
  1. You will be given a quote for outright ownership of the extension.
  2. If it's something that I believe will benefit the community, I may offer a reduced quote where I retain ownership along with the promise that it will remain a free extension.