Policy Watch


Policy Watch is designed to allow you to quickly and easily monitor the CSP you are delivering on your site. Requiring no additional setup, Policy Watch works by observing the copy of the CSP sent with every violation report.


Getting Started

If you already have a CSP set up on your site, either in Enforce mode or Report-Only mode, you can get started with Policy Watch in just a few seconds. Head to the Policy Watch menu item located under the CSP menu in your account. Here you can see any sites you're currently monitoring the CSP for, or add a new site to monitor.

We allow granular control of the sites you wish to monitor. As an example, www.report-uri.com and blog.report-uri.com would be two different sites, monitored and alerted on separately from each other. This means you can set up monitoring and only receive alerts for the areas of your site that interest you.


If you add a new site to be monitored by Policy Watch, we will start analysing all inbound reports for that site to monitor your CSP and send alerts when changes are detected. Policies for any given site can be viewed by clicking the Inspect button.

This will show all the Policies we have detected for your site.

The Reset button will clear our list of observed Policies and start the monitoring process again. This may be helpful if you've made changes to your site or policy, or would like to begin monitoring from the beginning again.

The Delete button will delete the site from Policy Watch, removing all data with it, and will stop ongoing monitoring and alerting for this site.

Policy Watch Setup

If you do not have an existing CSP on your site, there are several ways you can get started with Policy Watch.

If you would like to build a fully functional CSP first, then we recommend the CSP Wizard. Once you have a CSP set up, you can then enable Policy Watch to monitor your reports.


The Reporting API

If you have set up the Reporting API on your site, then you can use it to send CSP reports, which will continue to be monitored via Policy Watch. Simply add the report-to directive to your policy as usual; there are no support considerations.
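
The mechanism described on this page, as an added Python sketch that is not Report URI's own code: it reads the copy of the policy carried in each violation report (`original-policy` in a legacy report-uri body, `originalPolicy` in a Reporting API entry) and flags a change per monitored host. The function names, the example.com hosts, the sample policies and the nonce masking are assumptions of this example.

```python
import hashlib
import re
from urllib.parse import urlsplit

NONCE = re.compile(r"'nonce-[^']+'")  # per-response nonces would make every report look new

def extract(report):
    """Return (host, policy) from a legacy report-uri body or a Reporting API entry."""
    if "csp-report" in report:  # legacy report-uri format
        body = report["csp-report"]
        url, policy = body.get("document-uri"), body.get("original-policy")
    else:  # Reporting API (report-to) format
        body = report.get("body", {})
        url, policy = body.get("documentURL"), body.get("originalPolicy")
    host = urlsplit(url or "").hostname
    return (host, policy) if host and policy else None

def fingerprint(policy):
    """Canonicalise whitespace and nonces (this example's choice), then hash."""
    directives = [" ".join(d.split()) for d in policy.split(";")]
    canonical = NONCE.sub("'nonce-*'", "; ".join(d for d in directives if d))
    return hashlib.sha256(canonical.encode()).hexdigest()[:12], canonical

def watch(reports, monitored):
    """Track distinct policies per monitored host; alert on each one after the first."""
    seen, alerts = {host: {} for host in monitored}, []
    for report in reports:
        item = extract(report)
        if item is None or item[0] not in seen:
            continue  # malformed report, or a host that is not being monitored
        host, (fp, canonical) = item[0], fingerprint(item[1])
        if fp not in seen[host]:
            if seen[host]:  # the first observed policy is the baseline, not a change
                alerts.append((host, canonical))
            seen[host][fp] = canonical
    return seen, alerts

# Constructed sample reports; hosts and policies are placeholders.
P1 = "default-src 'self'; script-src 'self' 'nonce-abc123'; report-uri /r"
P2 = "default-src 'self';  script-src 'self' 'nonce-zzz999' ; report-uri /r;"
P3 = "default-src 'self'; script-src 'self' https://cdn.example.net; report-to csp"
SAMPLE = [
    {"csp-report": {"document-uri": "https://www.example.com/", "original-policy": P1}},
    {"csp-report": {"document-uri": "https://www.example.com/a", "original-policy": P2}},
    {"type": "csp-violation", "body": {"documentURL": "https://www.example.com/b", "originalPolicy": P3}},
    {"csp-report": {"document-uri": "https://blog.example.com/", "original-policy": "default-src *"}},
]
if __name__ == "__main__":
    print(watch(SAMPLE, {"www.example.com"})[1])
```

Directive order is left untouched when canonicalising, because reordering can change how a browser interprets a policy with duplicate directives.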


For more details on Policy Watch, check out the launch blog post: https://scotthelme.co.uk/report-uri-launching-policy-watch-and-other-improvements/