Content Security Policy

ID: csp
Jenkins is currently (version 2.293) not ready for this plugin to be used to enforce Content-Security-Policy for most resources in production environments. Many features, both in core and plugins, will stop working with the default rule set. At this time, this plugin is a utility for Jenkins developers, not for Jenkins administrators.


This plugin implements Content-Security-Policy protection for the classic Jenkins UI.

Getting started

Install this plugin to have basic reporting of Content-Security-Policy violations in Jenkins: A new link Content Security Policy Reports on the Manage Jenkins page allows administrators to review identified policy violations.

Rules can be configured in the Global Security Policy configuration screen.


Report issues and enhancements in the Jenkins issue tracker.


Refer to our contribution guidelines.


Licensed under MIT, see LICENSE.