Quick Start
Get CSP reporting working in 5 minutes.
1. Create a Site in Header Hawk
Section titled “1. Create a Site in Header Hawk”- Sign up at app.headerhawk.com
- Create a new site for your domain
- Copy your site’s reporting endpoint:
https://ingest.headerhawk.com/csp/YOUR_SITE_ID2. Add CSP Headers
Section titled “2. Add CSP Headers”Choose your platform:
3. Start with Report-Only
Section titled “3. Start with Report-Only”We recommend starting with Content-Security-Policy-Report-Only to collect violations without breaking your site:
Content-Security-Policy-Report-Only: default-src 'self'; report-uri https://ingest.headerhawk.com/csp/YOUR_SITE_IDThis header tells browsers to:
- Check if resources violate the policy
- Report violations to Header Hawk
- Not block anything (report-only mode)
4. View Reports
Section titled “4. View Reports”Visit your Header Hawk dashboard to see incoming CSP violations.
You’ll see:
- Blocked resources - URLs that would be blocked by your policy
- Violated directives - Which CSP rules were violated
- Document URLs - Pages where violations occurred
- Timestamps - When violations happened
Next Steps
Section titled “Next Steps”- Understand CSP concepts - Learn how CSP works
- CSP directive reference - Tune your policy
- Troubleshooting - Fix common issues