<?php
// This script will process incoming Content Security Policy violation reports
// and send them, nicely formatted, to the email address listed below.
//
// Included in the script is a large list of false-positives that are generated
// by browser addons etc.
//
// To activate, emit the proper CSP headers via PHP in all your page-generating scripts,
// e.g.: header("Content-Security-Policy-Report-Only: default-src https: wss: data: 'unsafe-eval' 'unsafe-inline'; report-uri /csp-report.php");