
CSP Report (Content Security Policy)

Introduction

A Content Security Policy (CSP) is a browser-enforced allowlist, delivered as an HTTP response header (or a meta tag), that tells a visitor's browser which sources of scripts, styles, images and other resources a page may load. It is an essential additional layer of defence against Cross-Site Scripting (XSS) and data injection attacks such as Magecart skimming: even when an attacker manages to inject a script tag into a page, the browser refuses to load it from a source the policy does not allow, and the policy's reporting directive lets you see that attempt.

In the CSP Report section of AuditIQ, merchants and agencies can monitor the violations their policy produces. Whenever a visitor's browser refuses to load a resource because it violates your site's CSP rules, the browser sends a violation report to the reporting endpoint named in the policy (the report-uri or report-to directive), and AuditIQ logs the incident in real time. A violation is not necessarily an attack: a legitimate third-party tool that was never added to the allowlist, or a browser extension injecting its own script into the page, produces the same kind of report, so the ledger is also where misconfigured policies show up.

Understanding Your CSP Report Data

The dashboard provides a detailed, searchable ledger of all CSP violations detected across your linked eCommerce domains:

  • Hostname: The specific domain or subdomain (e.g., shop.example.com) where the violation occurred.

  • Timestamp: The date and time the violation was recorded. Browsers using the Reporting API may batch and delay report delivery, so this can lag the actual block by a short interval.

  • Document URI: The specific page on your website where the violation occurred, taken from the report's document-uri (e.g., /checkout or /new-arrivals).

  • Blocked URI: The URL of the asset, script, or tracking pixel that was prevented from loading. This is not always an external URL: the browser reports inline for a blocked inline script or style, eval for a blocked eval() call, and a chrome-extension:// or moz-extension:// URL when a browser extension injected the resource. The last of these is noise from the visitor's own browser rather than an attack on your site.

  • Violated Directive: The CSP directive the resource violated (e.g., script-src or img-src). This shows developers which rule in the policy caught the resource, which is the starting point both for tightening the allowlist and for adding a legitimate source that was missed. Current browsers report the most specific directive they applied, so you may see script-src-elem or style-src-attr where the policy only spells out script-src or style-src.

  • Original Policy: A snippet of the active CSP rules at the time of the violation.

Viewing Full Policy Details

For deep-dive troubleshooting, you can click the Show more button under the Original Policy column. This opens a detailed pop-up modal displaying the complete, raw policy string, including every approved source for trusted third-party tools, payment gateways, and analytics platforms. Comparing the Blocked URI against the sources listed for the Violated Directive in that string is the quickest way to tell a missing allowlist entry from genuinely unexpected content.
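The following is an added example, not AuditIQ's code. It shows what the reports described in the Introduction look like on the wire in both formats browsers send (the legacy report-uri JSON and the Reporting API report-to JSON), normalizes them into the fields listed under Understanding Your CSP Report Data, parses the original policy string the way you would read it in the full-policy modal so the allowed sources for the violated directive sit next to the blocked URI, and assigns a first-pass triage label. The sample reports, the hosts in them and the /csp-report endpoint path are all constructed for illustration.

```javascript
// Added example (not AuditIQ's code): normalize CSP violation reports into the
// dashboard's fields and triage them. Sample reports below are constructed;
// the /csp-report endpoint and the host names are hypothetical.

// Values a browser may put in blocked-uri that are not fetchable URLs.
const NON_URL_BLOCKED = new Set(['inline', 'eval', 'self', 'data', 'blob', 'wasm-eval']);
// Schemes used by browser extensions that inject their own resources.
const EXTENSION_SCHEMES = ['chrome-extension:', 'moz-extension:', 'safari-web-extension:'];

function hostnameOf(uri) {
  try { return new URL(uri).hostname; } catch (e) { return ''; }
}
function pathOf(uri) {
  try { return new URL(uri).pathname; } catch (e) { return uri; }
}

// Parse a serialized policy ("default-src 'self'; script-src 'self' https://js.stripe.com")
// into a map of directive name -> source list.
function parsePolicy(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives[tokens[0].toLowerCase()] = tokens.slice(1);
  }
  return directives;
}

// Accept both wire formats:
//  - legacy report-uri POST: {"csp-report": {"document-uri": ..., "blocked-uri": ...}}
//  - Reporting API report-to: {"type": "csp-violation", "body": {"documentURL": ...}}
function normalize(raw) {
  let r;
  if (raw && raw['csp-report']) {
    const c = raw['csp-report'];
    r = {
      documentUri: c['document-uri'],
      blockedUri: c['blocked-uri'] || '',
      // effective-directive is the directive the browser actually applied (e.g. script-src-elem)
      violatedDirective: c['effective-directive'] || c['violated-directive'],
      originalPolicy: c['original-policy'] || '',
      disposition: c['disposition'] || 'enforce',
    };
  } else if (raw && raw.type === 'csp-violation' && raw.body) {
    const b = raw.body;
    r = {
      documentUri: b.documentURL,
      blockedUri: b.blockedURL || '',
      violatedDirective: b.effectiveDirective,
      originalPolicy: b.originalPolicy || '',
      disposition: b.disposition || 'enforce',
    };
  } else {
    return null; // not a CSP report
  }
  r.hostname = hostnameOf(r.documentUri);
  r.path = pathOf(r.documentUri);
  // Sources the violated directive allows, for side-by-side comparison with blockedUri.
  // script-src-elem falls back to script-src, then to default-src, as the browser does.
  const pol = parsePolicy(r.originalPolicy);
  const family = r.violatedDirective.split('-').slice(0, 2).join('-');
  r.allowedSources = pol[r.violatedDirective] || pol[family] || pol['default-src'] || [];
  return r;
}

function triage(v) {
  const blocked = v.blockedUri;
  if (EXTENSION_SCHEMES.some((s) => blocked.startsWith(s))) return 'noise:browser-extension';
  if (NON_URL_BLOCKED.has(blocked)) return 'review:inline-or-eval';
  const blockedHost = hostnameOf(blocked);
  if (blockedHost && blockedHost !== v.hostname && v.violatedDirective.startsWith('script-src')) {
    return 'investigate:unknown-script-host'; // a script from a host the policy never named
  }
  return 'review:missing-allowlist-entry';
}

// A reporting endpoint receives one legacy object per POST or an array of Reporting API
// reports; handle both and drop anything that is not a CSP violation.
function processPayload(payload) {
  const items = Array.isArray(payload) ? payload : [payload];
  return items.map(normalize).filter(Boolean).map((v) => ({ ...v, triage: triage(v) }));
}

// Constructed sample data (not real traffic).
const POLICY = "default-src 'self'; script-src 'self' https://js.stripe.com; img-src 'self' data:; report-uri /csp-report";
const SAMPLE_LEGACY = { 'csp-report': {
  'document-uri': 'https://shop.example.com/checkout',
  'blocked-uri': 'https://static.unknown-cdn.example.net/loader.js',
  'violated-directive': "script-src 'self' https://js.stripe.com",
  'effective-directive': 'script-src-elem', 'original-policy': POLICY, 'disposition': 'enforce' } };
const SAMPLE_INLINE = { 'csp-report': {
  'document-uri': 'https://shop.example.com/checkout', 'blocked-uri': 'inline',
  'violated-directive': "script-src 'self' https://js.stripe.com",
  'effective-directive': 'script-src-elem', 'original-policy': POLICY } };
const SAMPLE_REPORT_TO = [{ type: 'csp-violation', age: 12, url: 'https://shop.example.com/new-arrivals',
  body: { documentURL: 'https://shop.example.com/new-arrivals',
    blockedURL: 'chrome-extension://abcdefghijklmnop/content.js',
    effectiveDirective: 'script-src-elem', originalPolicy: POLICY, disposition: 'enforce' } }];

for (const v of [SAMPLE_LEGACY, SAMPLE_INLINE, SAMPLE_REPORT_TO].flatMap(processPayload)) {
  console.log(`${v.hostname} ${v.path} ${v.violatedDirective} ${v.blockedUri} -> ${v.triage}`);
}
```

Run with node; the loop at the end prints one line per sample, with the checkout-page script from the unknown host flagged for investigation, the inline script marked for review, and the extension-injected script labelled as noise. The triage rules are deliberately simple: they separate browser-side noise from reports that need a human, and a script-src violation on a payment page is the case to look at first.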