=== MetricPoints CSP Manager ===
Contributors: michaelloeffler
Tags: security, csp, content security policy, headers, security headers, self-healing, violation reporting
Requires at least: 5.8
Tested up to: 6.8
Requires PHP: 7.4
Stable tag: 1.0.0
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Self-healing Content Security Policy management for WordPress with automatic violation detection and policy updates.

== Description ==

MetricPoints CSP Manager is an advanced WordPress plugin that helps you implement, manage, and automatically update Content Security Policy (CSP) headers for your website. With self-healing capabilities, the plugin can automatically adjust your CSP policy based on real violation data.

**Key Features:**

* **CSP Management** - Configure and manage Content Security Policy headers
* **Self-Healing** - Automatically update CSP policy based on violations (optional)
* **Violation Reporting** - Track and report CSP violations in real-time
* **Policy Backups** - Automatic policy backups before updates
* **Admin Dashboard** - Monitor violations and policy changes
* **Security Headers** - Manage additional security headers (HSTS, X-Frame-Options, etc.)
* **Report-Only Mode** - Test policies before enforcing
* **Webhook Integration** - Real-time policy updates from MetricPoints

**Perfect For:**

* WordPress site owners implementing CSP
* Security-conscious administrators
* Developers managing security headers
* Teams needing automated CSP management

== Installation ==

1. Upload the plugin files to the `/wp-content/plugins/metricpoints-csp-manager` directory, or install the plugin through the WordPress plugins screen directly.
2. Activate the plugin through the 'Plugins' screen in WordPress.
3. Go to Settings → MetricPoints CSP Manager.
4. Enter your MetricPoints API key (get one at https://metricpoints.com).
5. Configure your CSP policy.
6. Enable self-healing (optional).
7. Save changes.

== Frequently Asked Questions ==

= Do I need a MetricPoints account? =

Yes, you need a free MetricPoints account to use this plugin. Sign up at https://metricpoints.com.

= What is self-healing CSP? =

Self-healing CSP automatically updates your Content Security Policy when violations occur, adding necessary domains to directives based on real violation data.

= Is self-healing safe? =

Self-healing is optional and can be disabled. When enabled, policy updates require a confidence threshold (default 80%) and all changes are logged and backed up.

= Can I test my CSP before enforcing it? =

Yes, the plugin supports report-only mode, which reports violations without blocking resources.

= What security headers are supported? =

The plugin supports CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and more.

= Does this affect site performance? =

No, the plugin has minimal performance impact. CSP headers are added server-side and violation reporting is asynchronous.

== Screenshots ==

1. Plugin settings page with CSP configuration
2. Violation monitoring dashboard
3. Policy backup and rollback interface
4. Self-healing configuration options
5. Security headers management

== Changelog ==

= 1.0.0 =
* Initial release
* CSP management and configuration
* Self-healing functionality (optional)
* Violation reporting and monitoring
* Policy backups and rollback
* Admin dashboard
* Security headers management
* Webhook integration for real-time updates

== Upgrade Notice ==

= 1.0.0 =
Initial release of MetricPoints CSP Manager. Install and configure your API key to start managing your Content Security Policy.

== Support ==

For support, visit https://metricpoints.com or email hello@metricpoints.com

== Credits ==

Developed by Michael Loeffler at Main Street Web Developer (https://mainstreetwebdeveloper.com) for MetricPoints.com

