Boost Security with Content Security Policy Reporting

To improve monitoring capabilities, we’re adding the capability to monitor javaScript dependencies on ecommerce websites.

When: Rollout across the security grid begins March 1, 2022 and is expected to be completed March 14, 2022.

How: Salesforce Commerce Cloud uses the Content Security Policy (CSP) report data for internal visibility and enhancements. Monitoring uses CSP reporting that is native to browser API technology. Commerce Cloud adds a Content-Security-Policy-Report-Only header to web pages as they pass through our edge. When JavaScript files attempt to execute on a webpage, browsers send a report to our reporting endpoint–the report doesn’t contain customer data. The report is sent to a non-customer domain and doesn’t impact customer traffic.

No customer action is required for the additional CSP report header.

X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.