Self-Hosted Content Security Policy (CSP)

Starting with Sentry 23.5.0, it is possible to enable the CSP header on self-hosted Sentry installations. The good news is that Sentry itself supports collecting CSP reports. We recommend creating a separate Sentry project for CSP reports. To enable CSP and report collection, you'll want to configure the following settings in

CSP_REPORT_URI = "{csp-project-id}/security/?sentry_key={sentry-key}"

We recommend starting with CSP_REPORT_ONLY = True, which reports violations without blocking anything. Once there are no violations under normal use, you can switch it to CSP_REPORT_ONLY = False. This enforces the CSP, and all unwanted scripts/resources are blocked.
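To confirm which stage of this rollout an instance is actually in, the response headers can be checked. The following is an added example, not code from Sentry or its documentation: it classifies a response as report-only, enforcing or missing CSP, and checks that the report-uri has the /security/?sentry_key= shape shown above. The function names and the sample headers (host, project id, key) are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

ENFORCE = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"


def parse_policy(value):
    """Split a CSP header value into {directive: [source, ...]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        # A repeated directive is ignored by browsers: the first one wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def csp_status(headers):
    """Return (mode, report_uri, problems) for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    if ENFORCE in h:
        mode, raw = "enforce", h[ENFORCE]
    elif REPORT_ONLY in h:
        mode, raw = "report-only", h[REPORT_ONLY]
    else:
        return "missing", None, ["no CSP header in response"]
    uris = parse_policy(raw).get("report-uri", [])
    if not uris:
        return mode, None, ["no report-uri: violations are not collected"]
    url = urlsplit(uris[0])
    problems = []
    if not url.path.endswith("/security/"):
        problems.append("report-uri path does not end in /security/")
    if "sentry_key" not in parse_qs(url.query):
        problems.append("report-uri has no sentry_key parameter")
    return mode, uris[0], problems


# Constructed sample headers; host, path prefix, project id and key are placeholders.
SAMPLE_REPORT_ONLY = {
    "Content-Security-Policy-Report-Only":
        "default-src 'none'; script-src 'self'; "
        "report-uri https://sentry.example.invalid/api/2/security/?sentry_key=PLACEHOLDER",
}
SAMPLE_ENFORCE_NO_REPORTS = {"Content-Security-Policy": "default-src 'none'; script-src 'self'"}

if __name__ == "__main__":
    for sample in (SAMPLE_REPORT_ONLY, SAMPLE_ENFORCE_NO_REPORTS, {}):
        print(csp_status(sample))
```

Pass it the header mapping from any HTTP client's response for a page served by the instance; a result of "report-only" with an empty problem list is the state to hold until no violations arrive under normal use.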

If you'd like to allow custom sources, extra CSP keywords can be added. We support the django-csp syntax. For example:


Default CSP_* settings are defined in
