Add Content Security Policy headers to your site and receive real-time alerts of issues.
A Content Security Policy (CSP) can be generated and added to your site as a line of code so that any mixed content issues (called CSP violations) are notified to you via users' browsers as they look at pages on your site.
HTTPS Reporter can be set up as the place where the browser sends the CSP violations, providing you with a simple-to-viewrepository of the issues, which additional filtering filtering and management features.
Installation & Use
How Do I Sign Up For HTTPS Reporter?
Purchase a paid plan on the Pricing page and then click "Sign up / Log in" on the HTTPS Reporter site and enter the Licence Key sent to you when you purchase a plan.
How Is Our Service Different To Other Similar Tools?
HTTPS Reporter is bundled with our powerful HTTPS Checker app to give you a combined approach to both proactive scanning with real-time violation reporting. HTTPS Reporter has been specifically designed for use with mixed content issues and to be as simple to use as possible. Using both tools will greatly assist your HTTPS migration.
How Do I Generate & Add A CSP Header Correctly?
When you add a site we will automatically generate an example CSP header, which you can then add into your website's application code, via a HTTPS header plug-in for your site or specific CSP plug-in e.g. Wordpress, Magento etc.
You can test your CSP header using this handy Chrome extension.
How Do I Know I Have Added The CSP Header Correctly?
HTTPS Reporter will continuosly check the site until it finds the header and then automatically take you to the report page where you will see violations reported.
How Many Domains Can I Track?
Between 1 - 5 dependent upon the plan you have purchased. If you need more then please contact us.
How Many Violations Can I Track Per Domain?
Refer to the pricing page as this varies according to which plan has been purchased. Once you have resolved the issues, mark each as "Resolved" and they will be deleted, freeing up your allowance again. There is also the option of marking all issues as "Resolved" (and therefore deleting them).
Can I Search For Specific Violations?
Yes, there is a search facility available which works on partial matching.
Can I Download A List Of Violations?
Yes, there is a CSV download feature available on the site issues page.
Can I See Which Domains & Pages Are Most Affected?
There is a count of issues reported on each line, which includes the page and affected asset. The higher the count, the more visitors there have been to that page. You can use this as part of how you prioritise your fix program.
There is also an activity graph shown against each domain so you can quickly see which has most spikes within the last 24 hours. Within each domain, there is a similar graph of issues that can be selected over a 7, 30 or 365 day period.
Some Violations Do Not Look Like They Originated From My Site?
This can be down to several reasons connected with plug-ins in browsers, attempted injections on a page and so on. We report all violations including these, so you can investigate them further. If they are harmless, you can block reports from a URL from being displayed (available from November 2017).
Can I Track Other Types Of CSP Violations As Well As Mixed Content?
Yes, you can create a Content Security Policy which catches other violations, as well as mixed content issues. Those violations will be stored in the repository in exactly the same way, giving you a useful new method for capturing and reviewing a range of issues.
How do I block a false positive report? (e.g. browser addon)
Inside HTTPS Reporter, find the site you want to block the report and on the issues page click the ignore button. On here we let you customize how you want to ignore this rule for future cases as well such as blocking an entire domain.