Tangible Bytes

A Web Developer’s Blog

Monitoring CSP errors via Sentry.io

I love the extra security CSP brings - but it’s still a bit new to me and I hadn’t set up reporting because this is a static site and I didn’t think I had anywhere easy to send the errors.

However, I use Sentry for another project and realised that it offers easy CSP reporting.

Sentry provides the ability to collect information on Content-Security-Policy (CSP) violations, as well as Expect-CT and HTTP Public Key Pinning (HPKP) failures by setting the proper HTTP header which results in violation/failure to be sent to Sentry endpoint specified in report-uri.

The integration process consists of configuring the appropriate header with your project key’s Security Header endpoint found at Project Settings > Security Headers.

This is great because even my small, static, serverless site can have good monitoring - and if I make a mistake that affects some browser I will find out.
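As an added example (not code from this post or from Sentry), here is one way to generate the header with `report-uri` appended and to check which directives would be lost if the policy were shipped in a `<meta>` tag instead, which matters on a static site because browsers ignore `report-uri` there. The endpoint is a placeholder for the value copied from Project Settings > Security Headers, the sample policy is constructed, and the function names and the https-only check are assumptions of this sketch.

```python
from urllib.parse import urlsplit

# Directives browsers ignore when a policy arrives via <meta http-equiv>.
META_IGNORED = {"report-uri", "frame-ancestors", "sandbox"}

# Constructed sample policy and a placeholder endpoint (not a real Sentry key).
POLICY = {"default-src": ["'self'"], "img-src": ["'self'", "data:"]}
ENDPOINT = "https://sentry.example/api/0/security/?sentry_key=PLACEHOLDER_KEY"


def build_csp(directives, report_endpoint):
    """Serialize the policy and append report-uri for the collector."""
    parts = urlsplit(report_endpoint)
    # Reports include page and blocked-resource URLs, so require TLS here.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("report endpoint must be an absolute https URL")
    # ';' would end the directive early and ',' would split the header value.
    if ";" in report_endpoint or "," in report_endpoint:
        raise ValueError("report endpoint must not contain ';' or ','")
    items = [f"{name} {' '.join(srcs)}" for name, srcs in directives.items()]
    items.append(f"report-uri {report_endpoint}")
    return "; ".join(items)


def header_line(directives, report_endpoint, enforce=False):
    """Return the full header; report-only mode observes without blocking."""
    name = "Content-Security-Policy"
    if not enforce:
        name += "-Report-Only"
    return f"{name}: {build_csp(directives, report_endpoint)}"


def dropped_in_meta(policy):
    """List directives in a serialized policy that a <meta> tag would ignore."""
    names = [d.split()[0].lower() for d in policy.split(";") if d.strip()]
    return [n for n in names if n in META_IGNORED]


if __name__ == "__main__":
    print(header_line(POLICY, ENDPOINT))
    print("ignored in <meta>:", dropped_in_meta(build_csp(POLICY, ENDPOINT)))
```

Starting with the report-only header lets the violations show up in Sentry before anything is blocked; switch to `enforce=True` once the reports are quiet.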