Content Security Policy

Jenkins is currently (version 2.390) not ready for this plugin to be used to enforce Content-Security-Policy for most resources in production environments. Many features, both in core and plugins, will stop working with the default rule set. At this time, this plugin is a utility for Jenkins developers, not for Jenkins administrators.


This plugin implements Content-Security-Policy protection for the classic Jenkins UI.

Getting started

Install this plugin to have basic reporting of Content-Security-Policy violations in Jenkins: A new link Content Security Policy Reports on the Manage Jenkins page allows administrators to review reported policy violations.

Rules can be configured on the Configure Global Security configuration screen.


Report issues and enhancements in the Jenkins issue tracker.


Refer to our contribution guidelines.


Licensed under MIT, see LICENSE.