{"id":378763,"date":"2023-05-17T14:02:37","date_gmt":"2023-05-17T14:02:37","guid":{"rendered":"https:\/\/webkul.com\/blog\/?p=378763"},"modified":"2026-02-05T06:23:08","modified_gmt":"2026-02-05T06:23:08","slug":"how-to-use-csp-in-custom-module-magento-2","status":"publish","type":"post","link":"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/","title":{"rendered":"How To Use CSP in Custom Module Magento 2"},"content":{"rendered":"\n<p>Explore how to add CSP configuration to a custom Magento 2 module, including whitelisting external scripts and securing your storefront.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is CSP in Magento 2?<\/h2>\n\n\n\n<p>CSP in Magento 2, i.e.,&nbsp;<a href=\"https:\/\/developer.adobe.com\/commerce\/php\/development\/security\/content-security-policies\/\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Content Security Policy<\/strong><\/a>, is a robust tool that adds an extra layer of <a href=\"https:\/\/store.webkul.com\/magento2-security-extension.html\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 security<\/a> to your store, helping to detect and mitigate Cross-Site Scripting (XSS) and related attacks, including card skimmers, session hijacking, clickjacking, and more.<\/p>\n\n\n\n<p>Once configured, the application can enforce policies like these:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Any resource, such as .js, .css, .jpg, or .ttf files, can only be loaded from the store&#8217;s domain<\/li>\n\n\n\n<li>Iframes can only include pages from the store itself<\/li>\n\n\n\n<li><a href=\"https:\/\/webkul.com\/blog\/return-json-data-with-ajax-cal-in-magento-2\/\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 AJAX<\/a> requests can only be sent to the store<\/li>\n\n\n\n<li>Forms can only be sent to the store<\/li>\n\n\n\n<li>Only whitelisted inline scripts and styles can be compiled by the 
browser<\/li>\n<\/ul>\n\n\n\n<p>Some domains have already been whitelisted for the modules that require them. For instance, if the&nbsp;<code>Magento_Paypal<\/code>&nbsp;module is installed,&nbsp;<code>www.paypal.com<\/code>&nbsp;is already whitelisted for the&nbsp;<code><strong>script-src<\/strong><\/code>&nbsp;policy.<\/p>\n\n\n\n<p>You can add a domain to the whitelist for a policy (like&nbsp;<code><strong>script-src<\/strong><\/code>,&nbsp;<code><strong>style-src<\/strong><\/code>,&nbsp;<code><strong>font-src<\/strong><\/code>&nbsp;and others) by adding a&nbsp;<code><strong>csp_whitelist.xml<\/strong><\/code>&nbsp;file to the&nbsp;<code>etc<\/code>&nbsp;folder of your custom <a href=\"https:\/\/store.webkul.com\/Magento-2.html\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 module<\/a>. Whitelist only the hosts your module actually loads resources from, since every entry widens the policy.<\/p>\n\n\n\n<p>If you don\u2019t know <a href=\"https:\/\/webkul.com\/blog\/create-hello-module-in-magento2\/\">how to create a custom module<\/a>, you can refer to the linked blog post.<\/p>\n\n\n\n<p>1. 
Create a&nbsp;<strong>csp_whitelist.xml<\/strong>&nbsp;file in&nbsp;<strong>Vendor\\Extension\\etc<\/strong>:<\/p>\n\n\n\n<pre class=\"EnlighterJSRAW\">&lt;?xml version=&quot;1.0&quot;?&gt;\n&lt;!--\n\/**\n * Webkul_Tabs\n * @category  Webkul\n * @package   Webkul_Tabs\n * @author    Webkul\n * @copyright Copyright (c)  Webkul Software Private Limited (https:\/\/webkul.com)\n * @license   https:\/\/store.webkul.com\/license.html\n *\/\n--&gt;\n&lt;csp_whitelist xmlns:xsi=&quot;http:\/\/www.w3.org\/2001\/XMLSchema-instance&quot; xsi:noNamespaceSchemaLocation=&quot;urn:magento:module:Magento_Csp:etc\/csp_whitelist.xsd&quot;&gt;\n    &lt;policies&gt;\n        &lt;!-- Allow scripts to be loaded from js.stripe.com --&gt;\n        &lt;policy id=&quot;script-src&quot;&gt;\n            &lt;values&gt;\n                &lt;value id=&quot;stripe&quot; type=&quot;host&quot;&gt;js.stripe.com&lt;\/value&gt;\n            &lt;\/values&gt;\n        &lt;\/policy&gt;\n        &lt;!-- Allow iframes that embed pages from js.stripe.com --&gt;\n        &lt;policy id=&quot;frame-src&quot;&gt;\n            &lt;values&gt;\n                &lt;value id=&quot;stripe&quot; type=&quot;host&quot;&gt;js.stripe.com&lt;\/value&gt;\n            &lt;\/values&gt;\n        &lt;\/policy&gt;\n        &lt;!-- Allow AJAX (XHR\/fetch) requests to api.purechat.com --&gt;\n        &lt;policy id=&quot;connect-src&quot;&gt;\n            &lt;values&gt;\n                &lt;value id=&quot;purechat&quot; type=&quot;host&quot;&gt;api.purechat.com&lt;\/value&gt;\n            &lt;\/values&gt;\n        &lt;\/policy&gt;\n    &lt;\/policies&gt;\n&lt;\/csp_whitelist&gt;<\/pre>\n\n\n\n<p>You may also check our <a href=\"https:\/\/webkul.com\/blog\/magento-tutorial\/\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 tutorials<\/a> and other Magento 2 security modules, e.g., <a href=\"https:\/\/store.webkul.com\/magento2-two-factor-authentication.html\" target=\"_blank\" rel=\"noreferrer noopener\">Magento 2 Two Factor Authentication<\/a> and <a href=\"https:\/\/store.webkul.com\/magento2-ddos-firewall-protection.html\" target=\"_blank\" rel=\"noreferrer 
noopener\">Magento 2 DDoS<\/a>.<\/p>\n\n\n\n<p>Happy Coding!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Explore how to add CSP configuration to a custom Magento 2 module, including whitelisting external scripts and securing your storefront. What is CSP in Magento 2? CSP in Magento 2, i.e.,&nbsp;Content Security Policy&nbsp;is a robust tool introduced to prevent attacks on your Magento 2 store that aims to offer an additional layer of Magento 2 <a href=\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\">[&#8230;]<\/a><\/p>\n","protected":false},"author":523,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9121,1],"tags":[12405,2070,2057],"class_list":["post-378763","post","type-post","status-publish","format-standard","hentry","category-magento-2","category-uncategorized","tag-csp","tag-magento2","tag-php"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How To Use CSP in Custom Module Magento 2 - Webkul Blog<\/title>\n<meta name=\"description\" content=\"CSP in module 2\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How To Use CSP in Custom Module Magento 2 - Webkul Blog\" \/>\n<meta property=\"og:description\" content=\"CSP in module 2\" \/>\n<meta property=\"og:url\" content=\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\" \/>\n<meta property=\"og:site_name\" content=\"Webkul Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/webkul\/\" \/>\n<meta 
property=\"article:published_time\" content=\"2023-05-17T14:02:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-05T06:23:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-og.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sumesh Kumar\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@webkul\" \/>\n<meta name=\"twitter:site\" content=\"@webkul\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sumesh Kumar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\"},\"author\":{\"name\":\"Sumesh Kumar\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/a33dc0d6c11a015c288c07b41892f59e\"},\"headline\":\"How To Use CSP in Custom Module Magento 2\",\"datePublished\":\"2023-05-17T14:02:37+00:00\",\"dateModified\":\"2026-02-05T06:23:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\"},\"wordCount\":272,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/webkul.com\/blog\/#organization\"},\"keywords\":[\"CSP\",\"Magento2\",\"PHP\"],\"articleSection\":[\"Magento 
2\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\",\"url\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\",\"name\":\"How To Use CSP in Custom Module Magento 2 - Webkul Blog\",\"isPartOf\":{\"@id\":\"https:\/\/webkul.com\/blog\/#website\"},\"datePublished\":\"2023-05-17T14:02:37+00:00\",\"dateModified\":\"2026-02-05T06:23:08+00:00\",\"description\":\"CSP in module 2\",\"breadcrumb\":{\"@id\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/webkul.com\/blog\/how-to-use-csp-in-custom-module-magento-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/webkul.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How To Use CSP in Custom Module Magento 2\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/webkul.com\/blog\/#website\",\"url\":\"https:\/\/webkul.com\/blog\/\",\"name\":\"Webkul Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/webkul.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/webkul.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/webkul.com\/blog\/#organization\",\"name\":\"WebKul Software Private 
Limited\",\"url\":\"https:\/\/webkul.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png\",\"contentUrl\":\"https:\/\/cdnblog.webkul.com\/blog\/wp-content\/uploads\/2021\/08\/webkul-logo-accent-sq.png\",\"width\":380,\"height\":380,\"caption\":\"WebKul Software Private Limited\"},\"image\":{\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/webkul\/\",\"https:\/\/x.com\/webkul\",\"https:\/\/www.instagram.com\/webkul\/\",\"https:\/\/www.linkedin.com\/company\/webkul\",\"https:\/\/www.youtube.com\/user\/webkul\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/a33dc0d6c11a015c288c07b41892f59e\",\"name\":\"Sumesh Kumar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/webkul.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f13d947aff56bddfe679a150603adf2d461c6c78b6df48caff552a275dfc1d39?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Fmike.png&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f13d947aff56bddfe679a150603adf2d461c6c78b6df48caff552a275dfc1d39?s=96&d=https%3A%2F%2Fcdnblog.webkul.com%2Fblog%2Fwp-content%2Fuploads%2F2019%2F10%2Fmike.png&r=g\",\"caption\":\"Sumesh Kumar\"},\"description\":\"Sumesh, a skilled Software Engineer, specializes in Magento Marketplace and Shipping Integration services, creating tailored solutions that enhance eCommerce efficiency, streamline operations and support business growth in digital storefronts.\",\"url\":\"https:\/\/webkul.com\/blog\/author\/sumeshkumar-magento091\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/378763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/users\/523"}],"replies":[{"embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/comments?post=378763"}],"version-history":[{"count":13,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/378763\/revisions"}],"predecessor-version":[{"id":524965,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/posts\/378763\/revisions\/524965"}],"wp:attachment":[{"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/media?parent=378763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/categories?post=378763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webkul.com\/blog\/wp-json\/wp\/v2\/tags?post=378763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}