MetricPoints logo
Features Pricing Docs Blog Security Checker FREE TOOL CSP Policy Builder FREE TOOL Login Get Started Features

Setup & Installation

Add CSP reporting to your site and connect it to MetricPoints.

CSP Monitoring Setup

Content Security Policy (CSP) monitoring helps you track violations and optimize your security headers.

Recommended for most sites: Managed Safety Net

Install one hosted MetricPoints script on any website, keep the token in place, and manage policy behavior from your MetricPoints account. 

<script async src="https://csp-heal.metricpoints.com/managed-csp.js?heal-token=YOUR_HEAL_TOKEN"></script>

No download is required. The bootstrap script is hosted by MetricPoints.

Open Managed Safety Net Guide

WordPress Plugin Installation

Install our CSP Manager plugin for easy WordPress integration.

Setup Steps:

  1. Download the MetricPoints CSP Manager plugin
  2. Upload and activate in WordPress admin
  3. Configure your API key
  4. Set up CSP reporting endpoint
  5. Configure CSP headers

Custom / Manual CSP Setup

For custom implementations, add the report-uri directive to your CSP headers.
Please remember to replace (YOUR_API_KEY) with your actual API key.

NOTE: These are examples only, your Content Security Policy set-up will be different.

Content-Security-Policy-Report-Only (This will not enforce the policy, but will report violations):

Content-Security-Policy-Report-Only: default-src 'self'; report-uri https://metricpoints.com/api/csp-reports/(YOUR_API_KEY)

Content-Security-Policy (This will enforce the policy):

Content-Security-Policy: default-src 'self'; report-uri https://metricpoints.com/api/csp-reports/(YOUR_API_KEY)