Search
My Cart

yireo / magento2-csp-inspector

yireo/magento2-csp-inspector

Magento module to help with inspecting CSP headers

magento2-module Compatibility: Partially compatible Code Quality: Fail Tests: N/A Security: Pass OSL-3.0

CSP Inspector for Magento 2

Simple CLI tool to inspect the current CSP headers of a specified Magento URL and report back the values - because it is too cumbersome to search for values in the browser.

Please note that this tool does NOT report issues with those CSP headers, it only inspects the currently generated HTTP headers. Use other tools like SanSec Watch or the M.Academy CSP Generator to fix your CSP headers.

Installation

composer require --dev yireo/magento2-csp-inspector
bin/magento module:enable Yireo_CspInspector

Usage

Report all policies and the mode of the homepage:

bin/magento csp:inspect

Report all policies and the mode of the cart-page:

bin/magento csp:inspect checkout/cart

Report all policy values for the policy script-src on the homepage:

bin/magento csp:inspect:policy script-src

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[Unreleased]

[1.0.6] - 01 June 2026

Fixed

  • Make commands Symfony 7 compliant

[1.0.5] - 22 October 2025

Fixed

  • Copy generic CI/CD files
  • Add CHANGELOG
  • Fix wrong import of Console InputArgument, should be Symfony clas
  • Remove int return type from Symfony commands for Symfony 5 compat
  • Properly check for URL
Versions
Version Stability QA Status Compatibility Released
1.0.6 stable Fail Partially compatible Details 2026-06-01 17:42:56
1.0.5 stable Not tested Not yet tested Details 2025-10-22 11:40:07
1.0.4 stable Not tested Not yet tested Details 2024-09-12 13:56:41
1.0.3 stable Not tested Not yet tested Details 2024-09-03 09:51:13
1.0.2 stable Not tested Not yet tested Details 2024-09-03 09:42:06
1.0.1 stable Not tested Not yet tested Details 2024-09-03 08:34:37
1.0.0 stable Not tested Not yet tested Details 2024-08-23 13:23:03

Requires 6

Package Constraint
ext-pcre *
guzzlehttp/guzzle ^6.0|^7.0
magento/framework ^102.0|^103.0
magento/module-csp ^100.0
magento/module-store ^101.1
symfony/console ^5.0|^6.0|^7.0|^8.0

Compatibility

Each Magento release line is installed on its supported PHP versions, then the module is built (DI compilation + static-content deploy) and its unit and integration suites are run. The matrix shows the lines and PHP versions the module is confirmed to install and run on. Code-quality results further down (phpstan, phpcs, …) are reported separately and never affect compatibility.

Compatibility matrix (Magento × PHP)
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 not tested not tested
2.4.8 not tested not tested
2.4.9 not tested Pass

Code Quality

Advisory checks against the module's source. Static analysis runs once across the whole module; PHPStan re-runs per Magento + PHP version because resolvable symbols differ between releases. These NEVER affect the Compatibility badge — a phpcs finding can't make a module incompatible.

Static analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

Static analysis results
Tool Status Findings Summary
PHPCS Warning 2 2 warnings (ruleset: Magento2) — 2 auto-fixable with phpcbf
PHPMD Pass 0
Cpd Pass 0
Composer validate Info 1 valid; 1 advisory note (composer validate --strict)

PHPStan

Type-checks the module's PHP against a real Magento install at the configured gate level. Re-runs per Magento and PHP version because resolvable symbols differ between releases. Cell → details modal.

PHPStan results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 3 3
2.4.8 3 3
2.4.9 3 3

Tests

Unit and integration suites, run for each applicable Magento and PHP version. A test failure speaks to the module's behaviour, not its compatibility with a Magento line, so it is reported here separately and never reddens the compatibility matrix.

Unit tests

Unit tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Integration tests

Integration tests results by Magento and PHP version
Magento PHP 8.2 PHP 8.3 PHP 8.4 PHP 8.5
2.4.7 N/A N/A
2.4.8 N/A N/A
2.4.9 N/A N/A

Security

Security checks run directly against the module: an audit of its declared dependencies for known vulnerabilities (composer audit) and a scan of its source for malware and web-shell signatures. Each runs once. A malware detection fails the version outright.

Security results
Tool Status Findings Summary
Composer audit Pass 0
Malware scan Pass 0
License
OSL-3.0

More from yireo

View vendor
yireo/magento2-replace-bundled Free
magento2-module

Replace bundled third party packages from Magento

v4.3.4 1yr ago
0
yireo/yireo_extensionvalidationtools Free
magento2-module
v0.0.2 3yr ago
0
yireo/magento2-auto-invoice-zero-subtotal-orders Free
magento2-module
v1.0.0 1yr ago
0
yireo/magento2-customer-commands Free
magento2-module

N/A

v1.0.1 2mo ago
0
Make it pay

Turn an existing module into recurring revenue.

If you already maintain a Magento 2 module on GitHub or GitLab, listing it on Packagento takes about five minutes. We mirror your tags, handle distribution signing, and route paid licenses through Stripe Connect, so you can keep shipping the way you already do.

List your module