You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1.7 KiB


A simple application to send CSP violation reports to an email address


CSP-Handler needs to be behind a reverse proxy which forwards either the X-Forwarded-For or X-Real-IP header, otherwise rate limiting won't work.


  1. Install golang (>=1.14) and GNU make if you don't have them already
  2. Clone the repository: git clone
  3. Checkout the latest stable tag
  4. Run make build to build the csp-handler binary
  5. Run sudo make install to install csp-handler on your system. This will create the directory /etc/csp-handler (config directory). Additionally the user csp-handler will be created.
  6. If you have systemd installed you can run sudo make install-systemd to install the systemd service. Run service csp-handler start to start the csp-handler service. Csp-handler will automatically run as the csp-handler user.

Make sure you edit the config located at /etc/csp-handler/config.toml before running the service.

Command line flags

  • -config <config file> - The location of the config file to use. Defaults to config.toml in the working directory.


Run sudo make uninstall to uninstall csp-handler. This will remove /etc/csp-handler if the directory is empty.

Run sudo make uninstall-systemd to remove the systemd service.


Include the report-uri directive in your content security policy:


Replace with the domain on which csp-report is deployed and with the domain on which the content security policy is deployed.