How to use the CSP Manager?
The CSP Manager page is your solution for handling Content Security Policies. Of course, before you create a CSP we recommend reviewing all of your domains. Also, once you have reviewed your domains you can enable your content security policy in monitoring mode for initial testing purposes. Instead of blocking domains this will report violations while still allowing the domain through to your site. We also recommend using a combination of our Domain Whitelist Violation and CSP Violation notifications in order to thoroughly test your CSP before setting it to blocking mode.
Domain Review Status
The first thing you should notice is the Domain Review Status information in the top right.
This will show you the number and percentage of approved, pending and rejected domains. If you are a Tag Management Admin or a Security Admin, you can approve and reject domains directly from this page by clicking the Review Pending Domains button, located beneath the Pending percentage.
How to Create New CSPs
The next thing you’ll want to do on the CSP Manager page is select to either Create a New CSP or Edit an Existing CSP. Let’s start with Creating a New CSP.
Below you will see Approved Domains and Not Approved Domains. You must approve domains in order to add them to your CSP.
To add domains to the new CSP you are creating, click and drag them from the right to the left in the Approved Domains area.
You can also click here to add all approved domains.
Now scroll down the screen to view the CSP Settings. You can toggle on and off various settings here. And to the right you can see the Meta Tag, Response Header, and Domain Whitelist. Once you create the CSP, you will be able to copy these to your clipboard
You may notice the Meta tag includes some JavaScript at the top. The JavaScript is here in order for Blue Triangle to collect all errors and CSP violations that may occur before our main JavaScript tag loads on the page.
Once you have everything ready, enter a name for the CSP and click “create CSP” at the bottom of the page.
View, Edit, and Delete Existing CSPs
To view or edit existing CSP’s click “Edit Existing CSP” at the top of the page. Now you will see a table with all of your CSP’s at the top of the page.
To view, edit and delete CSP’s, use the 3 icons to the left.
Please sign in to leave a comment.
Comments
0 comments