Sansec logo

Sansec Watch

Effortless CSP management for Magento

Dead-simple, PCI compliant CSP monitoring for your checkout. Sansec Watch is built for Magento and free to use!

84% of stores don't use CSP because it's too much hassle

However, new PCI requirements will come into effect next year. In short, you need to ensure that you only run authorized code on your payment pages, and you need to monitor for violations.

This implies:

  1. Enable CSP headers in strict mode and administer exceptions
  2. Set up alerts for CSP violations

This is a LOT of manual work and that's why most merchants have just disabled the Magento_CSP module. However, with the new PCI requirements and Magento 2.4.7, this is no longer possible.

The good news: Sansec Watch solves all of this AND is truly effortless.

So what should I do?

Magento 2.4.7 already implements strict CSP handling and your checkout may stop working if you don't take action!

Merchants are required to add any third party tools to the exception list and monitor for violations. As nobody wants to do this tedious work by hand, Sansec developed a free CSP management solution which integrates perfectly with Magento. Key benefits:

  1. Sansec does the heavy lifting for you and will generate a custom CSP ruleset for your store, based on our leading ecommerce threat intel and manually vetted third-party domains.
  2. For any remaining assets, you can easily approve or block sources without having to deploy your store code.
  3. You will automatically receive alerts to new or suspect code embeds, which satisfies PCI requirement 11.6.1

In the past, many stores have just disabled the Magento_Csp module altogether, but with recent Magento releases, this no longer works. Using Sansec Watch is now the easiest solution to keep your checkout working and stay compliant.

How does Sansec Watch work?

Sansec Watch acts as reporting endpoint for the core Magento CSP module. Sansec Watch will:

CSP reporting is completely transparant to your visitorss.

Why not use Cloudflare PageShield or ReportURI ?

These services are incompatible with Magento, because of the large amount of requests that a typical Magento2 store requires and the limitation of the CSP protocol. They also do not synchronize back to Magento.

We have designed Sansec Watch specifically for eCommerce. Besides, Sansec Watch is free to use!

What else should I do to stay secure?

CSP monitoring protects against unauthorized Javascript code in your checkout flow. However, malware can just as well run server-side. That's why you need a server-side malware scanner as well, such as cough cough Sansec eComscan.

My Magento 2.4.7 checkout broke and I need it fixed right now.

Sansec Watch takes only a minute to setup! However, if you want the quick but insecure solution, you can disable CSP blocking by running this:

bin/magento config:set csp/mode/storefront_checkout_index_index/report_only 1

Scan your store now
for malware & vulnerabilities

$ curl | sh

eComscan is the most thorough security scanner for Magento, Adobe Commerce, Shopware, WooCommerce and many more.

Stay up to date with the latest eCommerce attacks

Sansec logo

experts in eCommerce security


Terms & Conditions
Privacy & Cookie Policy
Company Reg 77165187
Tax NL860920306B01