MetricPoints logo
Features Pricing Docs Blog Security Checker FREE TOOL CSP Policy Builder FREE TOOL Login Get Started Features

Managed Safety Net

Install the hosted MetricPoints script on any website and keep configuration managed from your account.

Managed Safety Net Install Guide

This is the recommended CSP setup for most teams. Install one hosted MetricPoints script on your website, keep the token in place, and manage everything else from your MetricPoints account.

What to know first

  • No JavaScript download is required. MetricPoints hosts the bootstrap script for you.
  • The website-side install has one variable only: your heal token.
  • Policy learning, scoring, digests, alerts, and trust mode all stay in your MetricPoints account.

Step 1: Create or open a CSP site in MetricPoints

In your MetricPoints dashboard, go to your CSP sites, enable Managed Safety Net, and copy the install snippet generated for that site.

Step 2: Install the hosted script on your website

Paste the generated script tag into the layout or template that loads on every page. Replace YOUR_HEAL_TOKEN with the token from your MetricPoints project. 

<script async src="https://csp-heal.metricpoints.com/managed-csp.js?heal-token=YOUR_HEAL_TOKEN"></script>

There is no separate file to download, upload, or keep updated. The script is hosted by MetricPoints and calls back to your account-managed configuration.

View Hosted Bootstrap Script See CSP Product Page

Step 3: Let MetricPoints manage the rest

  • MetricPoints fetches the current managed policy for that token.
  • The install refreshes periodically and can keep using a cached last-known-good payload if needed.
  • Runtime health events are sent back so your team can be warned if the install cannot reach MetricPoints or falls back to cache.
  • Teams can choose manual review, safe auto-handling, or fully managed behavior from the dashboard.

Where configuration lives

The website is just a stub. MetricPoints is the source of truth for:

  • Trust mode and automation rules
  • Policy versions and rollback
  • Digests and critical alerts
  • Source verification and install health
  • Future policy learning and auto-healing decisions

Important note

The hosted JavaScript install is the easiest way to get started on virtually any site. For authoritative server or edge-managed CSP headers, a later integration layer is still recommended.