Boost Security with CSP Reporting

To improve monitoring capabilities, we’re adding the capability to monitor javaScript dependencies on ecommerce websites.

When: Rollout across the security grid begins March 1, 2022 and is expected to be completed March 14, 2022.

How: Monitoring uses Content Security Policy (CSP) reporting that is native to browser API technology. Salesforce Commerce Cloud adds a Content-Security-Policy-Report-Only header to web pages as they pass through our edge. When JavaScript files attempt to execute on a webpage, browsers send a report to our reporting endpoint–the report doesn’t contain customer data. The report is sent to a non-customer domain and doesn’t impact customer traffic.

No customer action is required for the additional CSP report header.

X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.