Policy Watch

Know the moment your CSP changes

Your Content Security Policy is only doing its job if it's the policy you authorised. Policy Watch monitors the CSP you're actually serving and tells you the moment it changes.

CSP Monitoring

A CSP you don't monitor is a CSP you don't control

Your CSP is the policy that decides what's allowed to run in the browser. It's the enforcement layer underneath your client-side security. And it can change without anyone telling you.

Unseen Drift

Your policy changes and no one notices

A deploy loosens a directive. A new source gets added to unblock a broken feature. The policy you're serving today isn't the one you signed off on, and nothing flagged it.

Weakened Protection

A loosened directive is an open door

Every unsafe-inline, every added domain, every removed restriction widens what's allowed to execute. A weakened CSP doesn't break the site. It just quietly stops protecting it.

No Audit Trail

You can't prove what your policy was

When an auditor asks what your policy was three months ago, or an incident review asks when a directive changed, a live header won't answer. You need the history, not just the current state.

Continuous CSP Monitoring

Continuous oversight for the CSP you're serving

Policy Watch watches the policy delivered to real browsers and records every version of it.

Change Detection

Every change to your CSP, caught as it happens

Detects every change to your CSP: additions, deletions, modifications. The moment your policy differs from what it was, Policy Watch catches it — no scheduled scan to wait for.

Immediate Alerts

Notified the moment the policy differs

Get an email notification as soon as a change is detected. No scheduled scans, no waiting for the next review cycle. You know when it happens.

Full Policy History

A complete record of every policy you've served

View a complete audit of your current and historic policies, including when each was first seen, when it was last seen, and how often it appears on your site.

How Policy Watch Works

No changes to make. One click to start.

If you're already sending CSP telemetry to Report URI, you don't need to change anything to use Policy Watch. Enable it with a single click and it starts monitoring the policy you're already serving.

Policy Watch reads the policy you're already sending. It adds nothing to your page and can't break what it monitors.

No new configuration

No changes to your CSP

No agents, no injected code, no performance impact

Included in the Business plan or higher

Get Started

Start monitoring your CSP

One click to enable. No changes to your policy.

30-day free trial  ·  One click to enable  ·  No changes to your CSP  ·  Business plan or higher

Related Features

Part of your client-side security layer

Policy Watch monitors the CSP that powers Report URI's other client-side security features. These work alongside it:

Capability What it adds
Script Watch Real-time alerting on changes to your JavaScript dependencies.
Data Watch Track changes to where your site sends data, in real time.
Threat Intelligence Detect indicators of compromise to know if your site is breached.
PCI DSS Compliance Meet your PCI DSS 4.0 obligations with CSP and Report URI.

Together, these form the client-side security visibility layer that sits between your CSP policy and your incident response process.