Included in every plan · EU-hosted

CSP without reporting is CSP on faith.

Modern browsers can send a structured report every time they block a script, image, or style that violates your CSP. SiteGuardian provides an endpoint to receive them: aggregated, deduplicated, with alerts.

The free plan includes 10 000 reports/month · Privacy-first · Hosted in the EU

1 M → 1 row

A misconfigured CSP can flood you with millions of reports from a single browser tab. We bucket by (directive, blocked URI, source file) — one row with a count, three samples, and a browser breakdown.

Privacy from the start

Client IPs hashed with a daily-rotating salt. Query strings + fragments stripped from document URIs before storage. User-Agent reduced to browser family. No session tokens. No cookies.
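A sketch of the bucketing and scrubbing described in the two blurbs above, added here as an example and not SiteGuardian's own code. The function names, the SHA-256 salted hash, the User-Agent token matching and the sample hosts are assumptions of this example; the salt is assumed to be secret and replaced daily.

```python
import hashlib
from collections import Counter, defaultdict
from urllib.parse import urlsplit, urlunsplit
def strip_url(url):
    """Drop query string and fragment from a document URI before it is stored."""
    p = urlsplit(url or "")
    return urlunsplit((p.scheme, p.netloc, p.path, "", "")) if p.scheme else (url or "")

def browser_family(ua):
    """Reduce a User-Agent to a family. Order matters: Edge/Chrome UAs also say 'Safari/'."""
    for token, family in (("Edg/", "Edge"), ("Firefox/", "Firefox"), ("Chrome/", "Chrome"), ("Safari/", "Safari")):
        if token in ua:
            return family
    return "Other"

def normalize(payload):
    """Yield (directive, blocked, source, document) from either report format."""
    if isinstance(payload, dict) and "csp-report" in payload:      # legacy report-uri body
        r = payload["csp-report"]
        directive = r.get("effective-directive") or r.get("violated-directive", "")
        yield (directive.split(" ")[0], r.get("blocked-uri", ""),
               r.get("source-file", ""), r.get("document-uri", ""))
    elif isinstance(payload, list):                                # Reporting API batch
        for item in payload:
            if isinstance(item, dict) and item.get("type") == "csp-violation":
                b = item.get("body", {})
                yield (b.get("effectiveDirective", ""), b.get("blockedURL", ""),
                       b.get("sourceFile", ""), b.get("documentURL", ""))

def new_store():
    return defaultdict(lambda: {"count": 0, "samples": [], "browsers": Counter(), "clients": set()})

def ingest(store, payload, client_ip, user_agent, daily_salt):
    """Fold one POST body into the store; raw IP, full UA and query strings are never kept."""
    for directive, blocked, source, document in normalize(payload):
        bucket = store[(directive, blocked, source)]   # one row per violation type
        bucket["count"] += 1
        bucket["browsers"][browser_family(user_agent)] += 1
        bucket["clients"].add(hashlib.sha256(daily_salt + client_ip.encode()).hexdigest())
        if len(bucket["samples"]) < 3:                 # keep only three samples per row
            bucket["samples"].append(strip_url(document))

# Constructed sample input: one legacy report and one Reporting API batch, same violation.
LEGACY = {"csp-report": {"document-uri": "https://shop.example/cart?token=abc#pay",
          "violated-directive": "script-src 'self'", "blocked-uri": "https://cdn.example/w.js",
          "source-file": "https://shop.example/app.js"}}
MODERN = [{"type": "csp-violation", "body": {"documentURL": "https://shop.example/cart?u=7",
           "effectiveDirective": "script-src", "blockedURL": "https://cdn.example/w.js",
           "sourceFile": "https://shop.example/app.js"}}]
```

Feeding `LEGACY` a thousand times and `MODERN` once leaves a single row with a count of 1001, three stripped sample URLs and a two-family browser breakdown.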

Alert on drift

Built-in metrics for any alert rule: spike detection (csp_report_volume) and new-violation-type notifications (csp_new_violation_type_count). Catch a broken deploy the moment the first real user hits it.

How it works

  1. Enable CSP Reports on a monitor

    One click on the monitor's detail page. We generate an HMAC-signed URL and hand you a copy-paste CSP snippet.

  2. Paste the header into your server

    Both legacy (report-uri) and modern (Reporting-Endpoints + Report-To) formats are supported in parallel. Works with every current browser.

  3. Watch violations roll in

    Within seconds of real traffic the CSP Reports tab lights up with the first buckets. Click a row for raw samples, browser breakdown, and affected pages.

  4. Tighten your policy

    After a week of reports we suggest allowlist additions ranked by how many users each suggestion would unbreak. Apply the diff, redeploy, tighten the next ring.

No extra charges

Included in the plan you already have

CSP reports are included in every SiteGuardian plan. Your tier determines the monthly limit and the retention period.

| Plan | CSP reports / month | Retention |
| --- | --- | --- |
| Free | 10 000 | 7 days |
| Pro | 1 000 000 | 90 days |
| Business | 10 000 000 | 180 days |
| Compliance | 10 000 000 | 180 days |
| Enterprise | Negotiated | 365 days |

Hit the limit? Ingest pauses automatically with an upgrade prompt; you are never charged for overage. Per-monitor abuse protection kicks in at 10 000 reports/minute.

Frequently asked

Is there anything else I need?
No — the endpoint is provisioned automatically on each monitor. If you're currently sending reports to another service, you can run both in parallel (browsers send to every endpoint listed in Report-To) and cut over once you're happy with what you're seeing here.
Do I need to install anything?
No. Paste three headers into your web server config. Works with nginx, Apache, Caddy, Cloudflare Workers — anywhere you can set response headers.
What if my site gets DDoS'd via a bad CSP?
nginx rate-limits at the edge (200 req/s per source IP), and we auto-pause ingest for a monitor if it breaches 10k reports/min for three consecutive minutes. You'll never be billed for a crawl loop on your own site.
What about NEL, Deprecation, and other report types?
Same endpoint accepts NEL (Network Error Logging), Deprecation, Intervention, and Expect-CT reports. Useful bonus signals for tracking CDN outages and browser API changes.
Can I use my own subdomain?
White-label subdomains (reports.your-domain.com) are on the roadmap for Enterprise. Today the endpoint lives at reports.siteguardian.io/r/{monitor_id}/{hmac}.

See what your CSP is really blocking

One monitor, one header, 60 seconds to the first bucket.