CentralCSP
Register

Main menu

All articles

Next Article

What is data: & why avoid it in CSP ?

Alerting in CentralCSP

Thursday, January 15, 2026
4 min read
Theotime QuereCentralCSP Team
CentralCSP's alerting feature sends notifications when important events occur on your monitored sites such as new scripts in your Script Inventory or CVE-related findings. Real-time alerting is critical for maintaining security and compliance because it turns passive data into actionable signals.

What Alerting Does

Alerting connects your CentralCSP data to the channels you use every day. When a configured event happens, CentralCSP can notify you via:
  • Webhooks , receive a POST request with a JSON body containing the rule name, payload, and timestamp.
  • Slack channel, receive a message in the channel when an event occurs.
You choose which events to subscribe to and where to send them. The goal is to surface problems as they happen so you can investigate and respond instead of discovering them in a report later.

Why It Matters for Security

A Content Security Policy and reporting give you visibility after the fact. Alerting shortens the time between “something happened” and “someone is looking at it.” For example:
  • New origin detected Receive a notification when a new origin is used to load scripts.
  • New or changed scripts If a new script appears on a payment page or a known script's hash changes, alerting can notify you so you can verify it's authorized.
  • CVE and script risk When CentralCSP correlates scripts with known vulnerabilities, alerts help you prioritize patching or temporary mitigations.
Faster response reduces the window in which an attacker or misconfiguration can cause harm.

Why It Matters for Compliance

Frameworks like PCI DSS expect you to manage and monitor scripts on pages that handle cardholder data. Demonstrating that you:
  • Know what scripts run (inventory)
  • Restrict what can run (CSP)
  • Are notified when something relevant changes (alerting)
shows ongoing control. Alerting is the mechanism that turns monitoring into a process: when something changes, someone is informed and can act.

How to Use It

In CentralCSP you configure:
  1. Event types e.g. new script detected, CVE matched.
  2. Channels webhook URLs or Slack channel.
  3. Scope which sites or policies the alerts apply to.

See also

Continue Reading

JSONP and Content Security Policy

Learn what is the JsonP endpoint and what is the impact of using it with CSP. See how to avoid using JSONP endpoint and how it can be used to bypass CSP.

2025-06-08
10 min read
Theotime QuereTheotime Quere
Read more

CSP & meta tags

Learn how to implement Content-Security-Policy using meta tags and understand the limitations compared to HTTP headers.

2024-11-16
4 min read
Theotime QuereTheotime Quere
Read more

Main menu

All articles

CentralCSP Team

Written by

CentralCSP Team

    Alerting in CentralCSP