-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Ryan Parman edited this page Jun 11, 2024
·
8 revisions
CSP Parser and Evaluator in Go is a CLI tool and library which can evaluate a Content-Security-Policy value, and provide actionable feedback about how to improve it. There is tooling and reporting that we want to be able to do in the future, but having a strong parser/evaluator is the first step.
- Web interface for evaluating a CSP policy?
- CSP generator from a sitemap?
- CSP policy modernizer?
- Receiver of CSP violation reports?
See the sidebar for more detailed information and recommendations.
- Content Security Policy Level 2 (formal recommendation)
- Content Security Policy Level 3 (working draft)
- web.dev: Content security policy
- MDN: Content Security Policy (CSP)
- OWASP: Content security policy (outdated)
- content-security-policy.com
- Can I use: Content Security Policy?
- Mozilla HTTP Observatory
- csp-evaluator
Content licensed under CC BY-SA.
- 🧪 Experimental, with limited support
⚠️ Important notes on usage- 🚫 Deprecated or obsolete
- base-uri
- block-all-mixed-content 🚫
- child-src
- connect-src
- default-src
- fenced-frame-src 🧪
- font-src
- form-action
- frame-ancestors
- frame-src
- img-src
- manifest-src
- media-src
- navigate-to 🚫
- object-src
- plugin-types 🚫
- prefetch-src 🚫
- referrer 🚫
- report-to 🧪
-
report-uri
⚠️ - require-trusted-types-for 🧪
- sandbox
- script-src-attr
- script-src-elem
- script-src
- style-src-attr
- style-src-elem
- style-src
- trusted-types 🧪
- upgrade-insecure-requests
- webrtc
- worker-src