CSP Resources

References and Learning

  • CSP 1.0 Spec
  • CSP 1.1 Spec – Still in Draft status
  • HTML5 Rocks Introduction to CSP – Excellent examples
  • Web Application Security Working Group
  • OWASP CSP Overview
  • CSP Quick Reference

Policy Builders and Tools

  • CSP is Awesome – CSP Policy Generator
  • CSP Recommendation Bookmarklet – Bookmarklet for Policy Creation
  • Can I Use: Content Security Policy – Current Browser Support
  • CSP AiDer/CSP Recommender – Site Analyzer with Policy Creation
  • UserCSP – Firefox Extension to Generate and Apply CSP on the Client Side

Case Studies and Examples

  • SendSafely Blog: “Retrofitting Code For Content Security Policy” – CSP on SendSafely.com and updating ReCAPTCHA
  • GitHub Blog: “Content Security Policy” – CSP on GitHub.com
  • Twitter Blog: Improving Browser Security With CSP – CSP on mobile.twitter.com
  • Ben Summers’ Blog: “Strategies for implementing Content Security Policy” – CSP on oneis.co.uk

Browser Implementation Details and Tests

  • Chromium CSP Test Suite
  • CSP Readiness Tests and csptesting.herokuapp.com – In-browser CSP tests
