Search / Filter

Csper allows you to filter and sort reports on a variety of fields. All received reports are indexed for fast and efficient querying.

The following are the available sort / filtering fields:

Grouping

Each entry in the Report table is a "Report Group".

search filter of content security policy reports

Csper Report Dashboard for Filtering and Searching of Reports

Most Content Security Policy reports are not unique. It's usually the same reports that get reported by every visitor of a website. So similar reports are automatically grouped.

To view individual reports of a group, click on "Details" of the report group.

The total amount of groups / reports for a specific query can be found on the right of the search parameters.

Policy

Content security policy reports include the policy that caused the violation. Csper records and versions these different policies so that all reports for a specific policy can be queried.

It's possible to create new versions of a policy by adding query param to the report-uri. Such as https://abc123.endpoint.csper.io?v=2

You can also use different policies on different parts of a website, and then only view reports for each individual policy.

Directive

Reports can be filtered by Content Security Policy directive.

search content security policy report-uri by directive

Csper Report Dashboard Directive Filter

Classification

Classification is a feature of Csper where it will automatically guess the type of the report. More information on classifications can be found in the blog post Filtering the Crap, Content Security Policy (CSP) Reports.

A list of classifications can be found on the Docs: Report Classification.

Time

It's possible to sort the reports based on when they were received.

To sort the reports based on received date, click "Time" -> "Sort by Time".

Count

It's possible to sort the reports based on their report group count (how many similar reports have been received).

To sort the reports based on their count, click "Count" -> "Sort by Count".

Browser

It's possible to sort the reports based on their browser (for common browsers).

To sort the reports based on browser, click "Browser" and then select which browsers you'd like.

Browser Age

A lot of the frustrating reports associated with content security policy come from older user agents. Csper allows you to ignore any reports older than 1yr based off the userAgent release date.

To filter out older browsers, click "Browser" and then select "Exclude Old Browsers"

BlockedURI

search content security policy reports by keyword

Csper Report Text Search

You can also search and sort on the blockedURI (or scriptSample where applicable).

Query Tag (Beta)

You can search on any url query string parameters added to your report-uri.

For example if your report-uri includes an app_version:

You can search for reports that match "app_version=abc123" where "app-version" is the key and "abc=123" is the value.

Tagging on the report-uri has a number of use cases:

  • Tag application versions
  • Tag specific users to track individual malware (ensure that the token used is a cryptographically random token)
  • Tag deployments
  • Tag policy versions

If you have ideas that to make the product better, please email product@csper.io, I'd love to chat!