Boost Security with Content Security Policy Reporting

To improve monitoring capabilities, we’re adding the capability to monitor JavaScript dependencies on ecommerce websites.

When: Rollout across the security grid begins March 1, 2022 and is expected to be completed March 14, 2022.

How: Salesforce Commerce Cloud uses the Content Security Policy (CSP) report data for internal visibility and enhancements. Monitoring uses CSP reporting that is native to browser API technology. Commerce Cloud adds a Content-Security-Policy-Report-Only header to web pages as they pass through our edge. When JavaScript files attempt to execute on a webpage, browsers send a report to our reporting endpoint–the report doesn’t contain customer data. The report is sent to a non-customer domain and doesn’t impact customer traffic.

No customer action is required for the additional CSP report header.