System - Content Security Policy

Get System - Content Security Policy (v1.4.3)

Introduction

Site Security, Browsers & Web Standards, Security Tools

The System - Content Security Policy plugin(s) bring this much needed security functionality to Joomla. The fun doesn't stop there - this set of plugins also implements the report-uri feature of the CSP. You can capture your own csp-report via the included AJAX plugin, and have it sent to you nightly using the included CLI script. If you want to browse the data - the AJAX plugin offers a handy report browser. Let's look at all of the features:

Implements all classes of the Content Security Policy standard: Fetch directives, Document directives, Navigation directives, Reporting directives, and the eclectic "Other" directives
Injects your settings in a Content-Security-Policy HTTP header
Adds a meta tag with your CSP settings
Implements report-uri and report-to
Provides a listener for report-uri and report-to incoming data
Includes a CLI script to be used in a CRON job for nightly reporting to a selected administrator or administrators
Includes a report browser, for immediate review of stored reports
Additional options offer the ability to also set X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, and Expect-CT headers.

I really tried to give this plugin every feature I would want, and it's running on my site now!

With very little effort, and in very little time - you can pass the securityheaders.io test with an easy "A".

Write a review

Must have!

Ian Shere (82).
Posted on 27 February 2019

Functionality

CSP, X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Expect-CT, Strict-Transport-Security, & Feature-Policy

Ease of use

Install, enable, configure. Very simple to go from F to A! That said, some pre-reading to understand all the options is a must.

Support

Have yet to need.

Documentation

Covers install only - there are so many options, all site-specific, that documenting them would be impossible. Great tooltip help throughout

Value for money

Outstanding! $12/yr? Peanuts for the time and stress it saved. GET IT!

I used this to: Took my sites from an embarrassing F to a shiny green A!! CSP is complicated & will break sites when done wrong (I know, I proved it!). Michael's plugin did it swiftly and painlessly. Could I (or someone else) do it manually? Sure, but I spent hours TRYING to and failing.

Owner's reply: I spent those same hours setting up CSP on my own sites and finally got frustrated enough to write an extension to streamline the process. I used to only worry about CSP on a few sites - now I score an A on all of my sites because the plugin makes it so easy!

Thanks for the great review!

Display #

Free

AdminExile

By Michael Richey

Site Security

Your administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile has you covered. The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself. Key features: - Access key(s) - key...

Free

EU e-Privacy Directive

By Michael Richey

Cookie Control

Comply with the GDPR and EU e-Privacy law (AKA the EU Cookie Law)! Block all cookies until the user has accepted them - Session, Language, even 3rd party cookies and cookies set by JavaScript! Those are some big claims, so I must explain that there are some caveats. 3rd party cookie blocking requires PHP 5.3 and the PHP Reflection Classes. Blocking cookies set by JavaScript requires IE8 or gre...

Free

Top of the Page

By Michael Richey

Site Navigation

With native MooTools AND jQuery modes, compatibility in all major browsers (including IOS and Android), Joomla cache friendly, and a ton of other features - this is ORIGINAL WORK and the most advanced top-button plugin available for Joomla! "Return to Top" links do nothing for SEO and can even detract from it, and they can clutter your page. When you have a very long page, how do you decide whe...

Free

ByeByeGenerator

By Michael Richey

SEO & Metadata

Anyone can change the generator tag - This is the only generator extension that can remove the generator tag entirely - even from your RSS and ATOM feeds! This simple plugin allows the site administrator to customize the generator tag or remove it entirely. As of version 1.7 - also removes the generator tags from RSS and Atom feeds! 2.5+ users - you don't really need this plugin unless you're n...

Free

Favicon

By Michael Richey

Design

If you're searching for a comprehensive favicon solution, your search is over. Google, Yahoo and most of the other big boys use multiple favicons for different sections of their services. This functionality has now been delivered to Joomla! The interesting thing about favicons, is that when you drag a favorite from Internet Explorer onto your desktop, Windows creates the icon from the favicon f...

Free

Authentication - EMail

By Michael Richey

Site Access

Extend Joomla! authentication to accept email as username (instead of/in addition to username). You can have both! My users occasionally forget their usernames. I suspect that your users do too. Heck, I forget my usernames once in a while! Fortunately I never forget my email address. Why must users login with their username when an email address is just as unique? Keep your users coming bac...

Free

DomainRestriction

By Michael Richey

Site Access

Allow/Deny registration to specific email, domain or TLD and perform automatic group assignments on IP (address or CIDR network), email, domain or TLD. Restrictions, group assignment/revocation, and more. Using DomainRestriction is simple. Enter one or more domains into the plugin configs and you're done. Anyone attempting to register an email address that isn't on the approved domain list is...

Free

MooAccordion

By Michael Richey

Article Elements

Need accordions for content items? With this plugin, you can have multiple accordions per page, and even nested accordions are possible with this plugin. Each accordion can be automatically styled from 3 included templates, or using your own custom styles. The plugin alters existing code on your page, so there is no need to wrap your accordion content with tags. When a visitor arrives without J...

Free

Browser Update Warning

By Michael Richey

Browsers & Web Standards

Set (and optionally require) minimum browser versions for your site. Using this plugin, you can display a warning message that the users browser is outdated, along with a suggestion that they update (or install) a browser that meets your requirements. Using this plugin, you can choose minimum version numbers for the major browsers. These are the browsers supported by this plugin: Internet Expl...

Free

Session Keeper

By Michael Richey

Performance

Provide automatic keepalive for certain groups, and session timeout notifications for everyone else. Everyone knows how frustrating it is to be logged in, working on something important, only to learn that your session expired while you were working and all of your changes were lost. Session Keeper resolves that issue by allowing an administrator to specify which groups are to be kept alive aut...

Free

Offline

By Michael Richey

Offline

Q: How do you test Guest functionality when your site is offline? A: You install the Offline plugin! Normal Joomla operation requires a valid user to enter their username and password to get past the offline template page. Logging in prevents testing of guest functionality on your site. So your choice to take your site offline for development or testing actually prevents an entire segment of t...

Free

System - Nomad

By Michael Richey

Site Access

Nomad is not login redirection, it's homepage redirection!!! Joomla gives you a single homepage - Nomad gives another. An administrator can make global homepage setting and after a user logs in, when they attempt to visit the homepage - they are sent to the homepage defined in the plugin settings. With the Pro version, there are no limits to the number of assignments you can make. Global, grou...

Free

ScriptsDown

By Michael Richey

Performance

Increase your YSlow and PageSpeed scores by moving Javascript files to the bottom of your page. ScriptsDown can do that, and more!! You can make changes to your template, but the scripts automatically added by components will always end up at the top! ScriptsDown moves ALL of your scripts to the bottom of the page just before the closing body tag (even IE conditionals). It doesn't matter where...

Free

MicroBread

By Michael Richey

SEO & Metadata

Fine tune your SERP with Microdata Rich Snippet data in your breadcrumbs. Others have tried, and had moderate success. MicroBread delivers rich snippet data per the Microdata guidelines. This module replaces the existing breadcrumbs module. All functionality remains intact, with one additional layout file included for maximum Bootstrap compatibility. Your breadcrumbs will supercharge your SER...

Free

CleanFeed

By Michael Richey

RSS Syndicate

Strip Joomla tags from your RSS and ATOM feeds. On special request, I made this plugin to remove plugin tags from RSS and ATOM feeds generated by Joomla. The single configuration is a textarea where a list of plugin tag names is placed. The default "*" will strip all tags that are found. The plugin will search output for tags matching the configuration list. For example, if you entered "some...

Free

Meta Robots

By Michael Richey

SEO & Metadata

Add more Meta Robots options to Joomla Metadata parameters. A woman in the forums asked "Why can't I set noarchive in meta robots?" I thought to myself, yeah - what she said. Although a little complicated, it turns out that it can be done with minimal fuss. This plugin extends the follow/nofollow + index/noindex options to include unavailableafter, notranslate, noimageindex, noydir, noodp, nosn...

Free

User - StaticPassword

By Michael Richey

Site Security

Prevent one or more user groups from changing their passwords! Enforce static passwords for selected groups. A similar extension exists for J1.5, but since it hadn't been updated - I created a 2.5 compatible version. Usage is simple - enable the plugin after selecting which user groups will be prevented from password changes. When saved, the users in those groups will not be presented with the...

Free

SEBLODFeed

By Michael Richey

SEBLOD extensions

Tired of seeing ::cck:: in your Joomla RSS and ATOM feeds? SEBLODFeed will process your SEBLOD tags in your feeds just like you see them in your site. Sponsored by Jeremy Goimard, this extension scans your feed output and replaces the SEBLOD tags with your SEBLOD content. If you see Jeremy in the forums, and you use this plugin - be sure to thank him for commissioning its creation. Jeremy thin...

Free

Age Of

By Michael Richey

Events

Replace date tags within your content items with formatted date strings that count up or down to the specified date. Prefix and suffix based on past or future dates. Date range restrictions, and more. Use the plugin configuration to set defaults, such as standard output length (how many units of measure to display) as well as default suffixes and prefixes for both past and future dates. Within...

Free

System - Article Hits

By Michael Richey

Analytics

Do you need to alter the article hits on your site? With this plugin, you can directly edit the hit counter for any article your user is authorized to edit. Just type in the new number, and hit save. This free extension was sponsored by a client of mine because he didn't want to grant employees access in the database (a potentially dangerous action), but at the same time he needed the hits on h...

Free

Fields - Location

By Michael Richey

Custom Fields

The Fields - Location plugin offers a Google map location selector as a custom field type. Using this plugin, you can add any number of map fields to your articles, categories, contacts and/or users. The plugin configuration offers only 2 options, Google Maps API key and Google Maps Static API key. The field configurations are made on a per-field basis. You can choose sizes, default location,...

Paid download

Fields - Subform

By Michael Richey

Custom Fields

Subform fields for your users, contacts, and articles (and any other extension that supports custom fields) The subform field type is very powerful and now that the capability is delivered to custom fields, you can collect groups of data and even repeating data (this plugin supports repeating subforms). Defining your own XML form, you can customize the collected data to meet your needs. Create as...

Free

External Favicon

By Michael Richey

Site Links

Alter the appearance of your external links to display the Favicon of the destination. Each exernal link can be displayed with the associated favicon retrieved from the destination site. Use is simple - install and enable. Configuration options include: If the plugin should operate in the component template (modal, and other windows) Per-domain alternate images Per-domain exclusion Parent ite...

Free

NicePanel

By Michael Richey

Modules Panel

Sliding panels are nice, but have been restrictive and difficult - until now! Top and bottom tabbed sliding module panels done right with NicePanel. NicePanel provides an administrator the ability to create as many top and/or bottom sliding panel tabs as (s)he wishes. Here are the features: -Separate top/bottom panel configurations -Automatic tabs - based on the module title Preserves Javascri...

Free

Before/After

By Michael Richey

Images

Based on the wildly popular CatchMyFame.com Before/After jQuery plugin, the Joomla Before/After plugin provides 100% of the functionality in a non-commercial content plugin. Use it anywhere you want, as many times as you want. In articles, category descriptions, modules - anywhere Joomla processes content plugins. Note: The CatchMyFame.com Before/After jQuery plugin is released under the CC Att...

Paid download

Nomad Pro

By Michael Richey

Site Access

Nomad is not login redirection, it's homepage redirection!!! Joomla gives you a single homepage - Nomad Pro gives as many as you need! Global, per-group or per-user - as many as you need. An administrator can make global redirect setting, per-group settings, and/or individual user settings. The plugin checks first for a user setting, then a group setting, then a global setting - redirecting on...

Free

System - Meta Character Count

By Michael Richey

SEO & Metadata

Search engines limit the amount of text in each SERP result. Meta Character Count displays a live word and character counter for the title, description and keywords fields in Joomla Global Configuration, Content Categories and Articles (frontend and backend) and now also Menu items! Be certain that your most relevant content ends up on the SERP and doesn't get truncated. Update 1.2 2/10/12: Add...

Free

Log Bad Passwords

By Michael Richey

User Management

Capture the bad passwords your users type. Learn and track what bad passwords your valid users are entering into login screens. One day, while trying to remember which password I used to log into my Google account, it occurred to me that Google could easily track bad passwords and associate them to a particular user. With this information, along with the rest of what Google knows about us, they...

Free

User - StaticEmail

By Michael Richey

User Management

Prevent one or more usergroups from changing their email addresses! On request, I made this extension similar to my StaticPassword extension - it even works the same way. Usage is simple - enable the plugin after selecting which usergroups will be prevented from email address changes (use CTRL or Mac Command key to select multiple). When saved, the users in those groups will not be presented wi...

Free

Loggie

By Michael Richey

Admin Reports

Are your server error logs hard or impossible to retrieve? Do you even know how to get them? Loggie can help! If your host is anything like mine, your log files are hard to get to. When they are available, they're slow to retrieve. In my case, it takes 5 minutes or more for a log to appear in the log file - and I must download it repeatedly looking for the errors I'm trying to find. Loggie i...

Paid download

System - Ad Block Reactor

By Michael Richey

Ads & Affiliates

Take back control of your pages when users are blocking ads! Unlike other adblock detectors, this extension does not force you to handle ad blockers in any particular way. It gives you the tools necessary to fine-tune a solution that works for you. If you want to just monitor usage, this plugin can help you with that. If you want to display a message, or disable users from viewing your arti...

Free

HeadTag

By Michael Richey

Coding & Scripts Integration

Insert any JavaScript/CSS/Any tag into the document head based on ItemID (menu item) or by using the content plugin tag options. Similar plugins exist, but they are either limited in scope, or have terrible configuration interfaces. HeadTag aims to be an all-in-one solution to provide the ability to add the following types of tags to the document - JavaScript/CSS source files JavaScript/CSS D...

Free

CoolClock

By Michael Richey

Time

This module implements all available features of Simon Bairds CoolClock Javascript. Where other clock modules provide a limited number of skins, this module provides 19 predefined skins plus the ability to define your own! Any number of clocks may be present with or without custom skins! Update 1.3 - updated to excanvas r3 Version 1.4 Joomla 3.0 compatibility Version 1.5 adds day/night configur...

Free

User - Password Strength

By Michael Richey

Site Access

A fully customizable user password strength meter for your user registration, profile edit and admin user edit pages. This plugin effects forms created with JForm to add the strength meter. It doesn't get any easier than this - enable the plugin and the meter appears. Everything can be customized! CSS Style MooTools Transitions Text Weak/Medium/Strong tests Can be extended to work with other...

Free

Do Not Track

By Michael Richey

Browsers & Web Standards

The problem with Do Not Track is that site owners and services ignore it. Be part of the solution - implement Do Not Track and make the web a better place. For those who don't know what Do Not Track is all about, please refer to this site: http://donottrack.us/ This plugin detects the Do Not Track browser setting and adds or removes a Joomla Access Level based on that setting. Components, Mod...

Free

External Link Warning

By Michael Richey

Site Links

Provide a warning to your users when they are about to follow a link that takes them away from your website. Some customers wish to provide these warnings as a legal requirement, others simply want to prevent confusion for users leaving their site....

Paid download

External Link Warning Pro

By Michael Richey

Site Links

Like the free version, provides a warning to your users when they are about to follow a link that takes them away from your website. Some customers wish to provide these warnings as a legal requirement, others simply want to prevent confusion for users leaving their site. Prevent warning for specified domains Prevent warning for links with specified CSS classes Apply CSS classes to links which...

Paid download

AdminExile Pro

By Michael Richey

Access & Security

Your /administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile Pro has you covered. Key features: - Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH. - Front-end Restriction - Restrict certain accounts from logging into the front-end...

Paid download

Top of the Page Pro

By Michael Richey

Site Navigation

The most advanced page top-button plugin available for Joomla! "Return to Top" links do nothing for SEO and can even detract from it, and they can clutter your page. When you have a very long page, how do you decide where to put them? Do you need more than one? Are they visible when the user is already at the top of the page? Top of the Page removes these concerns by creating a "Return to Top" l...

Paid download

Authentication - As User

By Michael Richey

User Management

Have you ever needed to access your site as one of your users? As User makes that task as simple as can be. Their username - your password. It really is that simple. With the As User plugin, a user in any group authorized in the plugin configuration is able to log into the site as almost any other user by using their own password. Of course, there is that caveat "almost any other user". The plu...

Paid download

Profile History

By Michael Richey

User Management

Record changes to user profile data. If you're like me, you have many sites to keep track of. You might even share that responsibility with other administrators. This extension is for you! I wrote this to put an end to finger pointing for some of the sites I manage. Who deleted that user? Who changed this password? Who disabled this account? NO MORE! Not only will you know who changed it, but ex...

Paid download

Expires Headers Pro

By Michael Richey

Browsers & Web Standards

YSlow and Pagespeed look at Expires Headers when evaluating your site. This plugin allows an administrator to set global Expires, Cache-Control and Pragma headers, as well as individual settings (inclusive or exclusive) for particular menu items. Speed up your site by following the rules! Set short time-spans for pages that change frequently, and longer time-spans for pages that don't. Note: Exp...

Paid download

User - Auth Log

By Michael Richey

User Management

This user plugin tracks successful and failed login attempts, the connecting IP address, the OS, Browser (and version) and of course - the time attempted. Available in /administrator and optionally in the user profile (only visible to the owning user), this plugin offers an AJAX powered IP lookup, providing some rudimentary details from a free lookup service. I welcome suggestions for improvemen...

Paid download

System - SCSS

By Michael Richey

Development Tools

More and more templates are being delivered with the SCSS sources alongside the compiled CSS. Changing the CSS can be tedious, especially when considering the implications of mixins and color variation based on variables.....It can be an absolute nightmare to cover all of the possibilities introduced by SCSS! This plugin monitors for changes, compiling SCSS when a change is detected. Alternativ...

Paid download

CLI - Reminder

By Michael Richey

Project & Task Management

With CLI - Reminder, you can create user notes that trigger reminder emails in the future! Configuration options are extensive, and can be stacked. Features: Notify user for the account which the note belongs (based on category) Notify the user who created the note (based on category) Recipient user assignments per-note category Multiple recipient assignments per-note category Additional per-n...

Paid download

Authentication - Session Limit

By Michael Richey

Site Security

If you want to limit concurrent logins in Joomla, there are few options. If you want granular control of concurrent logins based on your own access levels, this is the plugin for you. Features: Uses Joomla ACL to define login limits. Arbitrary limits - You can give users 1 or 10 (or more) based on ACL Option to make one Access Level immune. Users who are members of multiple limit levels are gr...

Paid download

System - Required Fields

By Michael Richey

User Management

The System - Required Fields plugin is designed to keep your user profile fields filled and current. This is accomplished by redirecting users to their profile edit screen when they have any required field that is un-filled. Until they meet the field requirements, they cannot leave the profile edit screen. Keep their information up-to-date by setting a "Revisit Interval". When a user has not s...

Paid download

Fields - Terms of Service

By Michael Richey

Custom Fields

The Fields - Terms of Service plugin adds a custom field type (tos) that allows you to add terms field(s) to your registration form. In case you missed that - you can add terms FIELDS (plural) to your registration forms. To comply with the EU GDPR requirements, this field was developed to allow an administrator to add a required acceptance field to the registration form, and add additional field...

Paid download

System - Software Log

By Michael Richey

Data Reports

Each installer event on your system can be logged with this extension. New extension installs, manual updates, automatic updates, uninstalls and even extension param changes are logged. Tracking for Components, Plugins, Modules, and Templates. The plugin has a log viewer, allowing sorting, drill-down, and filtering by name or user. Features: Log all software changes Recover previous extensio...

Paid download

Content - YouTube (No Cookies)

By Michael Richey

Multimedia Players

This plugin uses {ytnc} tags to identify videos to embed. It can be optionally configured to detect links to YouTube videos, but this is not as easy to use as the display configuration options must be included in the URL. This plugin is also capable of embedding using a process called Lazy Loading, where the video thumbnail and a play button is displayed, and when clicked - the video is loaded. Th...

Paid download

System - Voice Search

By Michael Richey

Site Search

Siri, Android, Cortana - The big web companies have been using voice for years. With the fast maturing SpeechRecognition API, you can bring this functionality to your website! With nearly complete implementation in Chrome, and a better than 50% of users browsing with Chrome - it's possible to expose a fair number of users to voice search. If you're using any of the browsers listed below, you shou...

Free

System - HTTP/2 Push

By Michael Richey

Performance

I wrote this extension over a year ago, but never released it because the server support wasn't there. Apache 2 and now NGINX both support HTTP/2 Push, so now it's time to put this technology to work for you. For those not familiar with the standard, HTTP/2 introduced a concept known as "Push", where the server can send more than one document on a request. If your page has a stylesheet and/or ja...

Free

System - Bundler

By Michael Richey

Performance

Testing my own sites, I found that one piece I was always shaking my head at was the number of CSS and Javascript files that were being sent to visitors. With just a few plugins, it was easy to have 40 or more JS and CSS files being sent. This plugin can reduce that number significantly!. By bundling files, you can reduce the number of HTTP requests by your visitors which reduces your server load...