This plugin implements Content Security Policy (CSP) headers for a widely-used content management system, providing a critical layer of defense against common web attacks. It is designed for site administrators and developers who need to harden their site's security posture without extensive manual configuration. The tool helps enforce a policy that dictates which resources the browser is allowed to load, effectively mitigating risks.

• CSP Header Management: Adds and configures Content-Security-Policy HTTP headers directly from the admin interface, eliminating the need to edit server configuration files.
• Granular Source Control: Allows administrators to define approved sources for scripts, stylesheets, images, fonts, and other content types, preventing the execution of unauthorized code.
• Inline Script Handling: Provides mechanisms to manage inline JavaScript and styles, a common challenge when implementing CSP, through nonce or hash-based approaches.
• Reporting & Monitoring: Can be configured to send violation reports to a specified URI, helping administrators identify and fix policy issues without blocking content for users.
• Policy Testing: Supports report-only mode, which monitors policy violations without enforcing them, allowing for safe testing before going live.