Consepo works on every stack

One scan. Six deployment formats. No platform lock-in.

You don't need to be on WordPress, WooCommerce, or any specific framework for Consepo to help. We render your site like a browser does and export the policy in whatever format your hosting actually accepts.

Cloudflare Workers, WP Engine, Pressable, custom origin servers, an Apache shop running on a VPS — the policy generation is the same. Pick the export that fits, ship in Report-Only, and let monitoring fill in the production gaps the crawler can't reach on its own.

  • HTTP header, meta tag, WordPress MU-plugin, Cloudflare Worker, WP Engine config, or JSON for any CDN.
  • Real-browser crawl works against any public site, on any platform.
  • Monitoring runs from a JS snippet, so it doesn't care about your origin stack.
Run a free scan See plans

Need the standard behind the workflow? Read the W3C CSP Level 3 specification.

Consepo Workflow

Deployment targets

  • 1HTTP Content-Security-Policy header
  • 2<meta http-equiv> tag for static sites
  • 3WordPress MU-plugin with editable directive arrays
  • 4Cloudflare Worker, WP Engine, and CDN-ready JSON exports

Skip the rewrite when you migrate

If you change platforms, the same scan still produces a deployable policy in the new format. Your CSP project survives the next infrastructure decision.

Pick the format your stack actually accepts

Some platforms own the response headers; some don't. Consepo gives you a meta-tag or JSON path when you can't reach the headers directly.

Run monitoring anywhere

The monitoring snippet doesn't depend on your origin server, framework, or CDN — it runs in the browser, so it fits whatever you've already shipped.

Workflow

How this fits the Consepo rollout

Step 1

Scan the live site

Consepo renders pages in Chromium and records the scripts, styles, fonts, frames, and image origins each one loads, regardless of how the site is served.

Step 2

Pick your export

Choose the format that matches your hosting — header for origin servers, MU-plugin for WordPress, Worker for Cloudflare, JSON for everything else.

Step 3

Ship and monitor

Deploy in Report-Only, drop in the monitoring snippet, and use real-session data to refine the policy before enforcement.

Deliverables

What teams get out of it

  • Six deployment-ready export formats from one scan
  • A workflow that survives platform migrations
  • Browser-side monitoring that runs anywhere your site does

Next step

Scan the site, review the evidence, and move toward an enforceable CSP.

Consepo is built to help teams go from first crawl to stable policy rollout without guessing which sources belong in the final header.

Create accountBack to overview