CSP Reporting Wiring Wizard

Given an endpoint URL, generate: Report-To header, Content-Security-Policy-Report-Only header, and a clean enforce CSP. Client-side only.

1) Inputs

Base CSP preset Reporting endpoint URL

report-to group

Report-To max_age (seconds)

Also include legacy report-uri (optional)

Tip: Start with Report-Only for a day, then enforce once violations are handled.

Report-To header value

Content-Security-Policy-Report-Only (value)

Content-Security-Policy (enforce value)

nginx snippet

Generate a sample CSP report payload + curl POST so you can validate your endpoint before waiting for real violations.

Sample csp-report JSON

curl POST